Windows Analysis Report
FileOpenInstaller.exe

Overview

General Information

Sample Name:FileOpenInstaller.exe
Analysis ID:800687
MD5:599ebd4af31288db879786f49bf9487d
SHA1:ee40630abcb1fe05051c3f832c72c2ee99722c35
SHA256:f469734bc576a00e113bc43b1b1a13de3c74f5370c5b9db8b9289bd9cf8aac31
Infos:

Detection

Score:16
Range:0 - 100
Whitelisted:false
Confidence:20%

Signatures

Obfuscated command line found
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Contains functionality to delete services
Contains functionality to query network adapater information

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is a service DLL but no service has been registered
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
  • System is w10x64native
  • FileOpenInstaller.exe (PID: 3304 cmdline: C:\Users\user\Desktop\FileOpenInstaller.exe MD5: 599EBD4AF31288DB879786F49BF9487D)
    • FileOpenInstaller.tmp (PID: 6536 cmdline: "C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp" /SL5="$6040A,6054369,1320960,C:\Users\user\Desktop\FileOpenInstaller.exe" MD5: B7988AC379CEAA456BAA3EF19EB55263)
      • sc.exe (PID: 4948 cmdline: "C:\Windows\system32\sc.exe" create FileOpenManager binpath= "\"C:\Program Files\FileOpen\Services\FileOpenManager64.exe\"" start= auto MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 3300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 3296 cmdline: "C:\Windows\system32\sc.exe" description FileOpenManager "FileOpen Client Manager" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 4300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 2492 cmdline: "C:\Windows\system32\sc.exe" start FileOpenManager MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 3208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • FileOpenBroker64.exe (PID: 5748 cmdline: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe MD5: DE1A88EBE38A4EB36E2C88B1A69A0251)
      • AcroRd32.exe (PID: 7032 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" installcomplete.pdf MD5: 6791EAE6124B58F201B32F1F6C3EC1B0)
  • FileOpenManager64.exe (PID: 5084 cmdline: C:\Program Files\FileOpen\Services\FileOpenManager64.exe MD5: 2ACE6BC0F8B1752879AD54D4EA1938D9)
  • FileOpenBroker64.exe (PID: 5344 cmdline: "C:\Program Files\FileOpen\Services\FileOpenBroker64.exe" MD5: DE1A88EBE38A4EB36E2C88B1A69A0251)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: FileOpenInstaller.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp | Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
Source: unknown | HTTPS traffic detected: 72.3.136.136:443 -> 192.168.11.20:49803 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 72.3.136.132:443 -> 192.168.11.20:49804 version: TLS 1.2
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp | Directory created: C:\Program Files\FileOpen
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp | Directory created: C:\Program Files\FileOpen\unins000.dat
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp | Directory created: C:\Program Files\FileOpen\is-NSHSA.tmp
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp | Directory created: C:\Program Files\FileOpen\is-9KV5A.tmp
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp | Directory created: C:\Program Files\FileOpen\examples
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp | Directory created: C:\Program Files\FileOpen\examples\is-5NKPI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp | Directory created: C:\Program Files\FileOpen\Services
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp | Directory created: C:\Program Files\FileOpen\Services\is-JKV7N.tmp
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp | Directory created: C:\Program Files\FileOpen\Services\is-FC998.tmp
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp | Directory created: C:\Program Files\FileOpen\unins000.msg
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp | File created: C:\Users\user\AppData\Local\Temp\Setup Log 2023-02-07 #001.txt
Source: FileOpenInstaller.exe | Static PE information: certificate valid
Source: FileOpenInstaller.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\dev\FileOpenClient-dev\build-x64-RelWithDebInfo\RelWithDebInfo\FileOpenBrokerTrace64.pdbj source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\AcroClient-WinInstallers\FileOpenInstallerExe\UtilDll\Release\UtilDll.pdb source: UtilDll.dll.4.dr, is-9KV5A.tmp.4.dr
Source: Binary string: C:\dev\FileOpenClient-dev\build-x64-RelWithDebInfo\RelWithDebInfo\FileOpenBroker64.pdb source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003A30000.00000004.00001000.00020000.00000000.sdmp, FileOpenBroker64.exe, 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 0000000D.00000000.2735368706.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr
Source: Binary string: C:\dev\FileOpenClient-dev\build-x64-RelWithDebInfo\RelWithDebInfo\FileOpenManager64.pdb source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003E70000.00000004.00001000.00020000.00000000.sdmp, FileOpenManager64.exe, 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp, FileOpenManager64.exe, 0000000C.00000000.2731798759.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp, is-FC998.tmp.4.dr
Source: Binary string: C:\dev\FileOpenClient-dev\build-Win32-RelWithDebInfo\RelWithDebInfo\FileOpenPlugin32.B998.pdb source: is-GV932.tmp.4.dr
Source: Binary string: C:\dev\FileOpenClient-dev\build-x64-RelWithDebInfo\RelWithDebInfo\FileOpenBrokerTrace64.pdb source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\FileOpenClient-dev\build-x64-RelWithDebInfo\RelWithDebInfo\FileOpenBroker64.pdbi source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003A30000.00000004.00001000.00020000.00000000.sdmp, FileOpenBroker64.exe, 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 0000000D.00000000.2735368706.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr
Source: Binary string: C:\dev\FileOpenClient-dev\build-Win32-RelWithDebInfo\RelWithDebInfo\FileOpenBrokerTrace32.pdb source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\FileOpenClient-dev\build-Win32-RelWithDebInfo\RelWithDebInfo\FileOpenManager32.pdb source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003E70000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600AF1440 FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,12_2_00007FF600AF1440
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600AF1BA0 FindFirstFileExW,12_2_00007FF600AF1BA0
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600AF203C FindFirstFileExW,FindNextFileW,FindClose,12_2_00007FF600AF203C
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E0BC20 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,13_2_00007FF668E0BC20
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E0BD50 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,13_2_00007FF668E0BD50
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E03E90 FindFirstFileA,FindNextFileA,FindClose,13_2_00007FF668E03E90
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E01130 FindFirstFileA,GetLastError,FindFirstFileA,GetLastError,FindNextFileA,GetLastError,FindClose,FindFirstFileA,GetLastError,FindNextFileA,GetLastError,FindClose,FindFirstFileA,GetLastError,FindNextFileA,GetLastError,FindClose,FindClose,13_2_00007FF668E01130
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E01470 FindFirstFileA,GetLastError,FindNextFileA,GetLastError,FindClose,FindFirstFileA,GetLastError,FindFirstFileA,GetLastError,FindFirstFileA,GetLastError,FindClose,13_2_00007FF668E01470
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E0B900 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,13_2_00007FF668E0B900
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E12880 FindFirstFileA,CreateFileA,GetFileTime,CloseHandle,CopyFileA,FindNextFileA,FindClose,CloseHandle,13_2_00007FF668E12880
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E0BC20 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,16_2_00007FF668E0BC20
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E0BD50 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,16_2_00007FF668E0BD50
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E03E90 FindFirstFileA,FindNextFileA,FindClose,16_2_00007FF668E03E90
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E011F3 FindFirstFileA,GetLastError,FindFirstFileA,GetLastError,FindNextFileA,GetLastError,FindClose,FindFirstFileA,GetLastError,FindNextFileA,GetLastError,FindClose,FindFirstFileA,GetLastError,FindNextFileA,GetLastError,FindClose,FindClose,16_2_00007FF668E011F3
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E016AB FindNextFileA,GetLastError,FindClose,FindFirstFileA,GetLastError,FindFirstFileA,GetLastError,FindFirstFileA,GetLastError,FindClose,16_2_00007FF668E016AB
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E0B900 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,16_2_00007FF668E0B900
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E12880 FindFirstFileA,CreateFileA,GetFileTime,CloseHandle,CopyFileA,FindNextFileA,FindClose,CloseHandle,16_2_00007FF668E12880
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: FileOpenBroker64.exe, 0000000D.00000002.3718619772.000002253DE13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: FileOpenBroker64.exe, 0000000D.00000002.3718619772.000002253DE13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0J
Source: FileOpenBroker64.exe, FileOpenBroker64.exe, 00000010.00000000.2815621930.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr, is-GV932.tmp.4.drString found in binary or memory: http://fileopen.com
Source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003A30000.00000004.00001000.00020000.00000000.sdmp, FileOpenBroker64.exe, 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 0000000D.00000000.2735368706.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr, is-GV932.tmp.4.drString found in binary or memory: http://fileopen.com/updates
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://ocsp.digicert.com0H
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://ocsp.digicert.com0I
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003A30000.00000004.00001000.00020000.00000000.sdmp, FileOpenBroker64.exe, 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 0000000D.00000000.2735368706.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 0000000D.00000002.3718619772.000002253DD40000.00000004.00000020.00020000.00000000.sdmp, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2817935948.0000021445E97000.00000004.00000020.00020000.00000000.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr, is-GV932.tmp.4.drString found in binary or memory: http://plugin.fileopen.com/.
Source: FileOpenBroker64.exe, 00000010.00000002.2817935948.0000021445E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://plugin.fileopen.com/.n
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: FileOpenInstaller.exe, is-FC998.tmp.4.dr, is-JKV7N.tmp.4.dr, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: is-GV932.tmp.4.drString found in binary or memory: http://www.fileopen.com/%s
Source: is-GV932.tmp.4.drString found in binary or memory: http://www.fileopen.com/%sPlugin
Source: FileOpenInstaller.exe, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://www.fileopen.com/0
Source: FileOpenInstaller.exe, 00000000.00000003.2795690428.000000000243E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2788287916.00000000025E1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.fileopen.com/request-tech-support/
Source: FileOpenInstaller.exe, 00000000.00000003.2795690428.000000000243E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.fileopen.com/request-tech-support/0A
Source: FileOpenInstaller.exe, 00000000.00000003.2483235521.00000000026E0000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2499714116.0000000003650000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.fileopen.com/request-tech-support/Zhttp://www.fileopen.com/request-tech-support/
Source: FileOpenInstaller.tmp, 00000004.00000003.2788287916.00000000025E1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.fileopen.com/request-tech-support/q
Source: FileOpenInstaller.exe, 00000000.00000003.2487120202.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.exe, 00000000.00000003.2484508219.0000000002820000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000000.2493227668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://www.innosetup.com/
Source: FileOpenInstaller.exe, 00000000.00000003.2487120202.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.exe, 00000000.00000003.2484508219.0000000002820000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000000.2493227668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.drString found in binary or memory: http://www.remobjects.com/ps
Source: FileOpenInstaller.exeString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: FileOpenBroker64.exe, 0000000D.00000002.3720780457.000002253FA30000.00000004.00000020.00020000.00000000.sdmp, FileOpenBroker64.exe, 0000000D.00000002.3718619772.000002253DDD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plugin.fileopen.com/
Source: FileOpenBroker64.exe, 0000000D.00000002.3720780457.000002253FA30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plugin.fileopen.com//&
Source: FileOpenBroker64.exe, 0000000D.00000002.3720780457.000002253FA6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plugin.fileopen.com/installcomplete.ashx?Request=DocPerm&Stamp=1675795218&Mode=CNR&USR=10007
Source: FileOpenBroker64.exe, 0000000D.00000002.3720780457.000002253FA6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plugin.fileopen.com/installcomplete.ashx?Request=Setting&Stamp=1675795217&Mode=CNR&USR=10007
Source: FileOpenBroker64.exe, 0000000D.00000002.3718619772.000002253DDD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://usr.fileopen.com/
Source: FileOpenBroker64.exe, 0000000D.00000002.3718619772.000002253DDD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://usr.fileopen.com/_
Source: FileOpenBroker64.exe, 0000000D.00000002.3718619772.000002253DDD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://usr.fileopen.com/check/usr/ZHAk7YpwDRdZvZq3ePSvK2nhY4hHWUX
Source: unknownHTTP traffic detected: POST /check/usr/ZHAk7YpwDRdZvZq3ePSvK2nhY4hHWUX+9uW5qs0U4Ek= HTTP/1.1Content-type: application/jsonUser-Agent: FileOpen ClientHost: usr.fileopen.comContent-Length: 1043Connection: Keep-AliveCache-Control: no-cache
Source: unknownDNS traffic detected: queries for: usr.fileopen.com
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E11A20 InternetOpenA,InternetOpenUrlA,GetLastError,InternetCloseHandle,InternetQueryDataAvailable,GetLastError,InternetReadFile,InternetCloseHandle,InternetCloseHandle,13_2_00007FF668E11A20
Source: global trafficHTTP traffic detected: GET /installcomplete.ashx?Request=Setting&Stamp=1675795217&Mode=CNR&USR=10007&ServiceID=InstallComplete&DocumentID=D-700&Ident3ID=number3&Ident4ID=number4&DocStrFmt=ASCII&PageCount=0&AdobePermanentId=fe2312a4b89fd64a94044c8c74baef85&AdobeInstanceId=7653cfff47f8504296a48ee78cc73a7d&OSType=Windows&Language=ENU&LngLCID=ENU&LngRFC1766=en&LngISO4Char=en-us&HostAppClass=FileOpen%20Plug-in&HostAppFeatures=001fff7f337ff3ff&Build=998&ProdVer=4.4.0.32&EncrVer=3.9.2.5&Machine=JC8RXKWL&Disk=E8LEL4BB&Uuid=dc8a5f3e-a716-11ed-a50d-d05099db2398&PrevMach=&PrevDisk=&FormHFT=Yes&SelServer=Yes&AcroProduct=Reader&AcroVersion=21.1792&AcroReader=Yes&AcroCanEdit=Yes&AcroPrefIDib=Yes&InBrowser=No&IEProtectedMode=Unknown&HostAppName=&DocIsLocal=Yes&DocPathUrl=file%3A%2F%2F%2FC%7C%2FProgram%20Files%2FFileOpen%2Fexamples%2Finstallcomplete.pdf&VolName=&VolType=Fixed&VolSN=1160136908&FSName=NTFS&FowpKbd=Yes&ScreenHook=Yes&Broker=Yes&RejectedDlls=&OSName=WindowsWin8%2064bit&OSBuild=Build%209200&RequestSchema=Default HTTP/1.1User-Agent: "Acrobat Reader FileOpen Plug-in"Host: plugin.fileopen.comConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /installcomplete.ashx?Request=DocPerm&Stamp=1675795218&Mode=CNR&USR=10007&ServiceID=InstallComplete&DocumentID=D-700&Ident3ID=number3&Ident4ID=number4&DocStrFmt=ASCII&PageCount=0&AdobePermanentId=fe2312a4b89fd64a94044c8c74baef85&AdobeInstanceId=7653cfff47f8504296a48ee78cc73a7d&OSType=Windows&Language=ENU&LngLCID=ENU&LngRFC1766=en&LngISO4Char=en-us&HostAppClass=FileOpen%20Plug-in&HostAppFeatures=001fff7f337ff3ff&Build=998&ProdVer=4.4.0.32&EncrVer=3.9.2.5&Machine=JC8RXKWL&Disk=E8LEL4BB&Uuid=dc8a5f3e-a716-11ed-a50d-d05099db2398&FormHFT=Yes&SelServer=Yes&AcroProduct=Reader&AcroVersion=21.1792&AcroReader=Yes&AcroCanEdit=Yes&AcroPrefIDib=Yes&InBrowser=No&IEProtectedMode=Unknown&HostAppName=&DocIsLocal=Yes&DocPathUrl=file%3A%2F%2F%2FC%7C%2FProgram%20Files%2FFileOpen%2Fexamples%2Finstallcomplete.pdf&VolName=&VolType=Fixed&VolSN=1160136908&FSName=NTFS&FowpKbd=Yes&ScreenHook=Yes&Broker=Yes&RejectedDlls=&OSName=WindowsWin8%2064bit&OSBuild=Build%209200&RequestSchema=Default HTTP/1.1User-Agent: "Acrobat Reader FileOpen Plug-in"Host: plugin.fileopen.comConnection: Keep-AliveCache-Control: no-cache
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668DD818013_2_00007FF668DD8180
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E0F6A013_2_00007FF668E0F6A0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668DE764013_2_00007FF668DE7640
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668DD785013_2_00007FF668DD7850
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668DD5A1013_2_00007FF668DD5A10
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668EF997413_2_00007FF668EF9974
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668DEDB3013_2_00007FF668DEDB30
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668F2A95C13_2_00007FF668F2A95C
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E08B1013_2_00007FF668E08B10
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E23B1013_2_00007FF668E23B10
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668F299B413_2_00007FF668F299B4
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E22A7C13_2_00007FF668E22A7C
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E07A7013_2_00007FF668E07A70
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668F0FC4013_2_00007FF668F0FC40
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668EEEBEC13_2_00007FF668EEEBEC
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668F0ECB413_2_00007FF668F0ECB4
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E1EBA013_2_00007FF668E1EBA0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668F1CB9813_2_00007FF668F1CB98
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668F0AC0413_2_00007FF668F0AC04
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E20DF013_2_00007FF668E20DF0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E01D5013_2_00007FF668E01D50
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668F3FD9813_2_00007FF668F3FD98
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E47EC013_2_00007FF668E47EC0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668F29DB413_2_00007FF668F29DB4
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E03E9013_2_00007FF668E03E90
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E1F02413_2_00007FF668E1F024
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E8BFF013_2_00007FF668E8BFF0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668DEEFD013_2_00007FF668DEEFD0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E0113013_2_00007FF668E01130
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668F1FF9813_2_00007FF668F1FF98
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E1822013_2_00007FF668E18220
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668F0928013_2_00007FF668F09280
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E5F1C013_2_00007FF668E5F1C0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E1F2F613_2_00007FF668E1F2F6
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668DEE31013_2_00007FF668DEE310
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668DEF41F13_2_00007FF668DEF41F
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668DE540013_2_00007FF668DE5400
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E074F013_2_00007FF668E074F0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E094D013_2_00007FF668E094D0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668F333AC13_2_00007FF668F333AC
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E0B54013_2_00007FF668E0B540
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668F3D5A413_2_00007FF668F3D5A4
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E4A82013_2_00007FF668E4A820
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E0D7D013_2_00007FF668E0D7D0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668F0ED9816_2_00007FF668F0ED98
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668F0F02C16_2_00007FF668F0F02C
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668DD818016_2_00007FF668DD8180
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E0F6A016_2_00007FF668E0F6A0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668DE764016_2_00007FF668DE7640
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668DD5A1016_2_00007FF668DD5A10
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668EF997416_2_00007FF668EF9974
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668DEDB3016_2_00007FF668DEDB30
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E08B1016_2_00007FF668E08B10
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668F299B416_2_00007FF668F299B4
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E07A7016_2_00007FF668E07A70
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668F0FC4016_2_00007FF668F0FC40
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668EEEBEC16_2_00007FF668EEEBEC
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668F0ECB416_2_00007FF668F0ECB4
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E1EBA016_2_00007FF668E1EBA0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668F1CB9816_2_00007FF668F1CB98
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668F0AC0416_2_00007FF668F0AC04
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668DD8DE016_2_00007FF668DD8DE0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E20DF016_2_00007FF668E20DF0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E01D5016_2_00007FF668E01D50
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E47EC016_2_00007FF668E47EC0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E03E9016_2_00007FF668E03E90
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E1F02416_2_00007FF668E1F024
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E8BFF016_2_00007FF668E8BFF0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668DEEFD016_2_00007FF668DEEFD0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668F1FF9816_2_00007FF668F1FF98
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E1822016_2_00007FF668E18220
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E011F316_2_00007FF668E011F3
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E1F2F616_2_00007FF668E1F2F6
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668DEE31016_2_00007FF668DEE310
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668DEF41F16_2_00007FF668DEF41F
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668DE540016_2_00007FF668DE5400
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E074F016_2_00007FF668E074F0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E094D016_2_00007FF668E094D0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E0B54016_2_00007FF668E0B540
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E0D7D016_2_00007FF668E0D7D0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E3986016_2_00007FF668E39860
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668DD785016_2_00007FF668DD7850
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: String function: 00007FF668DDF490 appears 44 times
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: String function: 00007FF668DD7FE0 appears 60 times
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: String function: 00007FF668E003A0 appears 61 times
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: String function: 00007FF668DDB970 appears 48 times
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: String function: 00007FF668E5D2E0 appears 40 times
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: String function: 00007FF668E50CE0 appears 34 times
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe Code function: String function: 00007FF600AEC918 appears 48 times
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe Code function: 12_2_00007FF600A768B0 GetCurrentProcess,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,SetLastError,FindCloseChangeNotification,EnterCriticalSection,LeaveCriticalSection,LocalAlloc,NtCreatePort,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrlenA,LocalAlloc,lstrcpyA,CreateSemaphoreW,InitializeCriticalSection,CreateThread,CreateThread,SetThreadPriority,SetThreadPriority,EnterCriticalSection,LeaveCriticalSection
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe Code function: 12_2_00007FF600A77510 LocalAlloc,NtReplyWaitReceivePortEx,NtReplyWaitReceivePort,FindCloseChangeNotification,NtAcceptConnectPort,LocalFree,GetCurrentProcessId,LocalAlloc,NtAcceptConnectPort,LocalAlloc,LocalFree,NtCompleteConnectPort,SetEvent,EnterCriticalSection,LeaveCriticalSection,ReleaseSemaphore,LocalFree,NtAcceptConnectPort,LocalFree,LocalFree,LocalFree
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe Code function: 12_2_00007FF600A77AF0 EnterCriticalSection,LeaveCriticalSection,ReleaseSemaphore,NtConnectPort,LocalFree,WaitForSingleObject,TerminateThread,CloseHandle,WaitForSingleObject,TerminateThread,CloseHandle,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,SetEvent,WaitForSingleObject,CloseHandle,SetEvent,WaitForSingleObject,EnterCriticalSection,TerminateThread,CloseHandle,CloseHandle,LocalFree,LocalFree,LeaveCriticalSection,CloseHandle,CloseHandle,DeleteCriticalSection,LocalFree,LocalFree
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe Code function: 12_2_00007FF600A75F80 GetLastError,GetCurrentProcessId,GetCurrentProcessId,GetCurrentProcessId,CreateFileMappingW,MapViewOfFile,UnmapViewOfFile,NtConnectPort,CloseHandle,LocalFree,CloseHandle,GetCurrentProcessId,OpenProcess,OpenProcess,GetCurrentProcess,DuplicateHandle,GetCurrentProcessId,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,CloseHandle,ReleaseMutex,CloseHandle,CloseHandle,SetLastError
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: 13_2_00007FF668DD8DE0 LocalAlloc,NtReplyWaitReceivePortEx,NtReplyWaitReceivePort,CloseHandle,NtAcceptConnectPort,LocalFree,GetCurrentProcessId,LocalAlloc,NtAcceptConnectPort,LocalAlloc,LocalFree,NtCompleteConnectPort,SetEvent,EnterCriticalSection,LeaveCriticalSection,ReleaseSemaphore,LocalFree,NtAcceptConnectPort,LocalFree,LocalFree,LocalFree
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: 13_2_00007FF668DD8180 GetCurrentProcess,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,SetLastError,FindCloseChangeNotification,EnterCriticalSection,LeaveCriticalSection,LocalAlloc,NtCreatePort,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrlenA,LocalAlloc,lstrcpyA,CreateSemaphoreW,InitializeCriticalSection,CreateThread,CreateThread,SetThreadPriority,SetThreadPriority,EnterCriticalSection,LeaveCriticalSection
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: 13_2_00007FF668DD7850 GetLastError,GetCurrentProcessId,GetCurrentProcessId,GetCurrentProcessId,CreateFileMappingW,MapViewOfFile,UnmapViewOfFile,NtConnectPort,CloseHandle,LocalFree,CloseHandle,GetCurrentProcessId,OpenProcess,OpenProcess,GetCurrentProcess,DuplicateHandle,GetCurrentProcessId,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,CloseHandle,ReleaseMutex,CloseHandle,CloseHandle,SetLastError
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: 13_2_00007FF668DD93C0 EnterCriticalSection,LeaveCriticalSection,ReleaseSemaphore,NtConnectPort,LocalFree,WaitForSingleObject,TerminateThread,CloseHandle,WaitForSingleObject,TerminateThread,CloseHandle,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,SetEvent,WaitForSingleObject,CloseHandle,SetEvent,WaitForSingleObject,EnterCriticalSection,TerminateThread,CloseHandle,CloseHandle,LocalFree,LocalFree,LeaveCriticalSection,CloseHandle,CloseHandle,DeleteCriticalSection,LocalFree,LocalFree
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: 16_2_00007FF668DD8180 GetCurrentProcess,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,SetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,LocalAlloc,NtCreatePort,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrlenA,LocalAlloc,lstrcpyA,CreateSemaphoreW,InitializeCriticalSection,CreateThread,CreateThread,SetThreadPriority,SetThreadPriority,EnterCriticalSection,LeaveCriticalSection
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: 16_2_00007FF668DD8DE0 LocalAlloc,NtReplyWaitReceivePortEx,NtReplyWaitReceivePort,CloseHandle,NtAcceptConnectPort,LocalFree,GetCurrentProcessId,LocalAlloc,NtAcceptConnectPort,LocalAlloc,LocalFree,NtCompleteConnectPort,SetEvent,EnterCriticalSection,LeaveCriticalSection,ReleaseSemaphore,LocalFree,NtAcceptConnectPort,LocalFree,LocalFree,LocalFree
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: 16_2_00007FF668DD93C0 EnterCriticalSection,LeaveCriticalSection,ReleaseSemaphore,NtConnectPort,LocalFree,WaitForSingleObject,TerminateThread,CloseHandle,WaitForSingleObject,TerminateThread,CloseHandle,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,SetEvent,WaitForSingleObject,CloseHandle,SetEvent,WaitForSingleObject,EnterCriticalSection,TerminateThread,CloseHandle,CloseHandle,LocalFree,LocalFree,LeaveCriticalSection,CloseHandle,CloseHandle,DeleteCriticalSection,LocalFree,LocalFree
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: 16_2_00007FF668DD7850 GetLastError,GetCurrentProcessId,GetCurrentProcessId,GetCurrentProcessId,CreateFileMappingW,MapViewOfFile,UnmapViewOfFile,NtConnectPort,CloseHandle,LocalFree,CloseHandle,GetCurrentProcessId,OpenProcess,OpenProcess,GetCurrentProcess,DuplicateHandle,GetCurrentProcessId,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,CloseHandle,ReleaseMutex,CloseHandle,CloseHandle,SetLastError
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe Code function: 12_2_00007FF600A8E320: LocalAlloc,CreateFileW,CreateEventW,GetCurrentThreadId,DeviceIoControl,GetLastError,WaitForMultipleObjects,GetOverlappedResult,LocalAlloc,LocalAlloc,OpenProcess,CloseHandle,LocalFree,LocalFree,ResetEvent,CancelIo,CloseHandle,CloseHandle,LocalFree,CloseHandle,EnterCriticalSection,LeaveCriticalSection,LocalFree,LocalFree,SetEvent
Source: FileOpenInstaller.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-NSHSA.tmp.4.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-FC998.tmp.4.dr Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 2K dictionary
Source: FileOpenInstaller.exe, 00000000.00000000.2482388575.0000000000541000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs FileOpenInstaller.exe
Source: FileOpenInstaller.exe, 00000000.00000003.2484508219.0000000002905000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs FileOpenInstaller.exe
Source: FileOpenInstaller.exe, 00000000.00000003.2795690428.0000000002448000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs FileOpenInstaller.exe
Source: FileOpenInstaller.exe, 00000000.00000003.2487120202.000000007FE31000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs FileOpenInstaller.exe
Source: FileOpenInstaller.exe Binary or memory string: OriginalFileName vs FileOpenInstaller.exe
Source: C:\Users\user\Desktop\FileOpenInstaller.exe Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp Section loaded: edgegdi.dll
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe Section loaded: edgegdi.dll
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Section loaded: edgegdi.dll
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Section loaded: edgegdi.dll
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe Code function: 12_2_00007FF600A895C0 OpenSCManagerW,OpenServiceW,DeleteService,GetLastError,CloseServiceHandle,SetLastError,GetLastError,CloseServiceHandle,SetLastError
Source: C:\Users\user\Desktop\FileOpenInstaller.exe File read: C:\Users\user\Desktop\FileOpenInstaller.exe
Source: C:\Users\user\Desktop\FileOpenInstaller.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\FileOpenInstaller.exe C:\Users\user\Desktop\FileOpenInstaller.exe
Source: C:\Users\user\Desktop\FileOpenInstaller.exe Process created: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp "C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp" /SL5="$6040A,6054369,1320960,C:\Users\user\Desktop\FileOpenInstaller.exe"
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp Process created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" create FileOpenManager binpath= "\"C:\Program Files\FileOpen\Services\FileOpenManager64.exe\"" start= auto
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp Process created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" description FileOpenManager "FileOpen Client Manager"
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp Process created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" start FileOpenManager
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Program Files\FileOpen\Services\FileOpenManager64.exe C:\Program Files\FileOpen\Services\FileOpenManager64.exe
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp Process created: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" installcomplete.pdf
Source: unknown Process created: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe "C:\Program Files\FileOpen\Services\FileOpenBroker64.exe"
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe Code function: 12_2_00007FF600A7A260 GetCurrentProcess,OpenProcessToken,GetTokenInformation,LocalAlloc,GetTokenInformation,LookupPrivilegeValueW,LookupPrivilegeValueW,LookupPrivilegeValueW,AdjustTokenPrivileges,LocalFree,FindCloseChangeNotification
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: 13_2_00007FF668DD6F80 GetCurrentProcess,OpenProcessToken,GetTokenInformation,LocalAlloc,GetTokenInformation,LookupPrivilegeValueW,LookupPrivilegeValueW,LookupPrivilegeValueW,AdjustTokenPrivileges,LocalFree,FindCloseChangeNotification
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: 16_2_00007FF668DD6F80 GetCurrentProcess,OpenProcessToken,GetTokenInformation,LocalAlloc,GetTokenInformation,LookupPrivilegeValueW,LookupPrivilegeValueW,LookupPrivilegeValueW,AdjustTokenPrivileges,LocalFree,FindCloseChangeNotification
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp File created: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\Desktop\FileOpenInstaller.exe File created: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp
Source: classification engine Classification label: clean16.winEXE@19/50@2/2
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe Code function: 12_2_00007FF600A89310 OpenSCManagerW,OpenServiceW,GetLastError,CloseServiceHandle,SetLastError,CreateServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle,SetLastError,GetLastError,SetLastError
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe Code function: 12_2_00007FF600AA1A60 OpenSCManagerA,GetLastError,CreateServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: 13_2_00007FF668DE9300 OpenSCManagerW,OpenServiceW,GetLastError,CloseServiceHandle,SetLastError,CreateServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle,SetLastError,GetLastError,SetLastError
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe Code function: 16_2_00007FF668DE9300 OpenSCManagerW,OpenServiceW,GetLastError,CloseServiceHandle,SetLastError,CreateServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle,SetLastError,GetLastError,SetLastError
Source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003A30000.00000004.00001000.00020000.00000000.sdmp, FileOpenBroker64.exe, 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 0000000D.00000000.2735368706.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr, is-GV932.tmp.4.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: FileOpenBroker64.exe, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr, is-GV932.tmp.4.dr Binary or memory string: SELECT tbl_name FROM sqlite_master WHERE type='table' AND name='%s';
Source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: UPDATE %s SET = WHERE %s = %d AND %s = '%s';fotkSqliteStorage.cpp:%d. SetLibSqliteDbGdpr - Can't sqlite3_step a '%s' row. Result code %d - Err message '%s'.
Source: FileOpenBroker64.exe, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr, is-GV932.tmp.4.dr Binary or memory string: UPDATE %s SET %s = %u WHERE %s = %d AND %s = '%s';
Source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT * FROM %s WHERE pubId = %d AND url = '%s';fotkSqliteStorage.cpp:%d. GetLibSqliteDbGdpr - Can't sqlite3_prepare_v2 a '%s' statement. Result code %d - Err message '%s'.
Source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT idx FROM %s WHERE pubId = %d AND url = '%s';fotkSqliteStorage.cpp:%d. SetLibSqliteDbGdpr. query '%s'
Source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT sql FROM sqlite_master WHERE type='table' AND name = '%s';gdprGDPRfotkLibSqliteSchema.cpp.
Source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: INSERT INTO %s (,) VALUES ('datetime('now')%u);fotkSqliteStorage.cpp:%d. SetLibSqliteDbGdpr. The Gdpr database must be updated.
Source: FileOpenBroker64.exe, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr, is-GV932.tmp.4.dr Binary or memory string: SELECT sql FROM sqlite_master WHERE type='table' AND name = '%s';
Source: FileOpenBroker64.exe, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr, is-GV932.tmp.4.dr Binary or memory string: SELECT idx FROM %s WHERE pubId = %d AND url = '%s';
Source: FileOpenBroker64.exe, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr, is-GV932.tmp.4.dr Binary or memory string: SELECT * FROM %s WHERE pubId = %d AND url = '%s';
Source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT %s FROM %s WHERE %s = %d AND %s = '%s';fotkSqliteStorage.cpp:%d. GetLibSqliteDbGdprState. query '%s'
Source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT * FROM sqlite_master;
Source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003A30000.00000004.00001000.00020000.00000000.sdmp, FileOpenBroker64.exe, 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 0000000D.00000000.2735368706.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr, is-GV932.tmp.4.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT tbl_name FROM sqlite_master WHERE type='table' AND name='%s';SqliteCookies.cpp:%d. GetSqliteDbCookieContent - SQL '%s' returns error '%s'.
Source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %s SET %s = %u WHERE %s = %d AND %s = '%s';fotkSqliteStorage.cpp:%d. SetLibSqliteDbGdprState. query '%s'
Source: FileOpenBroker64.exe, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr, is-GV932.tmp.4.drBinary or memory string: SELECT %s FROM %s WHERE %s = %d AND %s = '%s';
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600AA1390 WTSGetActiveConsoleSessionId,lstrcmpiA,StartServiceCtrlDispatcherA,12_2_00007FF600AA1390
Source: C:\Users\user\Desktop\FileOpenInstaller.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600AA1390 WTSGetActiveConsoleSessionId,lstrcmpiA,StartServiceCtrlDispatcherA,12_2_00007FF600AA1390
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600AA0EE0 CreateToolhelp32Snapshot,CloseHandle,CloseHandle,12_2_00007FF600AA0EE0
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeMutant created: \Sessions\1\BaseNamedObjects\Ipc2Cnt$1674Mutex
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3300:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3300:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3208:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4300:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4300:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3208:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpFile created: C:\Program Files\FileOpenJump to behavior
Source: FileOpenInstaller.exeString found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpWindow found: window name: TMainFormJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLLJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1Jump to behavior
Source: FileOpenInstaller.exeStatic file information: File size 6831336 > 1048576
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpDirectory created: C:\Program Files\FileOpenJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpDirectory created: C:\Program Files\FileOpen\unins000.datJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpDirectory created: C:\Program Files\FileOpen\is-NSHSA.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpDirectory created: C:\Program Files\FileOpen\is-9KV5A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpDirectory created: C:\Program Files\FileOpen\examplesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpDirectory created: C:\Program Files\FileOpen\examples\is-5NKPI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpDirectory created: C:\Program Files\FileOpen\ServicesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpDirectory created: C:\Program Files\FileOpen\Services\is-JKV7N.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpDirectory created: C:\Program Files\FileOpen\Services\is-FC998.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpDirectory created: C:\Program Files\FileOpen\unins000.msgJump to behavior
Source: FileOpenInstaller.exeStatic PE information: certificate valid
Source: FileOpenInstaller.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\dev\FileOpenClient-dev\build-x64-RelWithDebInfo\RelWithDebInfo\FileOpenBrokerTrace64.pdbj source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\AcroClient-WinInstallers\FileOpenInstallerExe\UtilDll\Release\UtilDll.pdb source: UtilDll.dll.4.dr, is-9KV5A.tmp.4.dr
Source: Binary string: C:\dev\FileOpenClient-dev\build-x64-RelWithDebInfo\RelWithDebInfo\FileOpenBroker64.pdb source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003A30000.00000004.00001000.00020000.00000000.sdmp, FileOpenBroker64.exe, 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 0000000D.00000000.2735368706.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr
Source: Binary string: C:\dev\FileOpenClient-dev\build-x64-RelWithDebInfo\RelWithDebInfo\FileOpenManager64.pdb source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003E70000.00000004.00001000.00020000.00000000.sdmp, FileOpenManager64.exe, 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp, FileOpenManager64.exe, 0000000C.00000000.2731798759.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp, is-FC998.tmp.4.dr
Source: Binary string: C:\dev\FileOpenClient-dev\build-Win32-RelWithDebInfo\RelWithDebInfo\FileOpenPlugin32.B998.pdb source: is-GV932.tmp.4.dr
Source: Binary string: C:\dev\FileOpenClient-dev\build-x64-RelWithDebInfo\RelWithDebInfo\FileOpenBrokerTrace64.pdb source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\FileOpenClient-dev\build-x64-RelWithDebInfo\RelWithDebInfo\FileOpenBroker64.pdbi source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003A30000.00000004.00001000.00020000.00000000.sdmp, FileOpenBroker64.exe, 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 0000000D.00000000.2735368706.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr
Source: Binary string: C:\dev\FileOpenClient-dev\build-Win32-RelWithDebInfo\RelWithDebInfo\FileOpenBrokerTrace32.pdb source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\dev\FileOpenClient-dev\build-Win32-RelWithDebInfo\RelWithDebInfo\FileOpenManager32.pdb source: FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003E70000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\FileOpenInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp "C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp" /SL5="$6040A,6054369,1320960,C:\Users\user\Desktop\FileOpenInstaller.exe"
Source: C:\Users\user\Desktop\FileOpenInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp "C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp" /SL5="$6040A,6054369,1320960,C:\Users\user\Desktop\FileOpenInstaller.exe" Jump to behavior
Source: FileOpenInstaller.exeStatic PE information: section name: .didata
Source: FileOpenInstaller.tmp.0.drStatic PE information: section name: .didata
Source: is-NSHSA.tmp.4.drStatic PE information: section name: .didata
Source: is-JKV7N.tmp.4.drStatic PE information: section name: _RDATA
Source: is-FC998.tmp.4.drStatic PE information: section name: _RDATA
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600A75A00 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,AllocateAndInitializeSid,AllocateAndInitializeSid,LocalFree,FreeSid,FreeSid,LocalFree,FreeLibrary,12_2_00007FF600A75A00
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpFile created: C:\Program Files\FileOpen\Services\is-FC998.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpFile created: C:\Program Files\FileOpen\Services\is-JKV7N.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpFile created: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpFile created: C:\Program Files\FileOpen\is-NSHSA.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpFile created: C:\Program Files\FileOpen\is-9KV5A.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpFile created: C:\Program Files\FileOpen\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpFile created: C:\Program Files\FileOpen\UtilDll.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\is-K56MV.tmp\UtilDll.dllJump to dropped file
Source: C:\Users\user\Desktop\FileOpenInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\is-GV932.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\is-K56MV.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\FileOpen.api (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpFile created: C:\Program Files\FileOpen\Services\FileOpenManager64.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\Setup Log 2023-02-07 #001.txtJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600AA1390 WTSGetActiveConsoleSessionId,lstrcmpiA,StartServiceCtrlDispatcherA,12_2_00007FF600AA1390
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run FileOpenBrokerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpProcess created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" create FileOpenManager binpath= "\"C:\Program Files\FileOpen\Services\FileOpenManager64.exe\"" start= auto
Source: C:\Users\user\Desktop\FileOpenInstaller.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpDropped PE file which has not been started: C:\Program Files\FileOpen\is-9KV5A.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpDropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\is-GV932.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-K56MV.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_13-46735
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_12-55662
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeAPI coverage: 6.5 %
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeAPI coverage: 7.7 %
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeAPI coverage: 3.5 %
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,GetAdaptersInfo,FreeLibrary,FreeLibrary,FreeLibrary,13_2_00007FF668E963D0
Source: C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmpProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600AA0FD0 GetSystemInfo,12_2_00007FF600AA0FD0
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600AF1440 FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,12_2_00007FF600AF1440
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600AF1BA0 FindFirstFileExW,12_2_00007FF600AF1BA0
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600AF203C FindFirstFileExW,FindNextFileW,FindClose,12_2_00007FF600AF203C
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E0BC20 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,13_2_00007FF668E0BC20
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E0BD50 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,13_2_00007FF668E0BD50
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E03E90 FindFirstFileA,FindNextFileA,FindClose,13_2_00007FF668E03E90
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E01130 FindFirstFileA,GetLastError,FindFirstFileA,GetLastError,FindNextFileA,GetLastError,FindClose,FindFirstFileA,GetLastError,FindNextFileA,GetLastError,FindClose,FindFirstFileA,GetLastError,FindNextFileA,GetLastError,FindClose,FindClose,13_2_00007FF668E01130
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E01470 FindFirstFileA,GetLastError,FindNextFileA,GetLastError,FindClose,FindFirstFileA,GetLastError,FindFirstFileA,GetLastError,FindFirstFileA,GetLastError,FindClose,13_2_00007FF668E01470
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E0B900 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,13_2_00007FF668E0B900
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E12880 FindFirstFileA,CreateFileA,GetFileTime,CloseHandle,CopyFileA,FindNextFileA,FindClose,CloseHandle,13_2_00007FF668E12880
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E0BC20 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,16_2_00007FF668E0BC20
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E0BD50 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,16_2_00007FF668E0BD50
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E03E90 FindFirstFileA,FindNextFileA,FindClose,16_2_00007FF668E03E90
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E011F3 FindFirstFileA,GetLastError,FindFirstFileA,GetLastError,FindNextFileA,GetLastError,FindClose,FindFirstFileA,GetLastError,FindNextFileA,GetLastError,FindClose,FindFirstFileA,GetLastError,FindNextFileA,GetLastError,FindClose,FindClose,16_2_00007FF668E011F3
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E016AB FindNextFileA,GetLastError,FindClose,FindFirstFileA,GetLastError,FindFirstFileA,GetLastError,FindFirstFileA,GetLastError,FindClose,16_2_00007FF668E016AB
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E0B900 FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,16_2_00007FF668E0B900
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E12880 FindFirstFileA,CreateFileA,GetFileTime,CloseHandle,CopyFileA,FindNextFileA,FindClose,CloseHandle,16_2_00007FF668E12880
Source: FileOpenBroker64.exe, 0000000D.00000002.3718619772.000002253DD8F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
Source: FileOpenBroker64.exe, 0000000D.00000002.3718619772.000002253DDFA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: FileOpenBroker64.exe, 0000000D.00000002.3718619772.000002253DD8F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWI
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600AA66D8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FF600AA66D8
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600A75A00 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,AllocateAndInitializeSid,AllocateAndInitializeSid,LocalFree,FreeSid,FreeSid,LocalFree,FreeLibrary,12_2_00007FF600A75A00
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600A7E1D0 GetProcessHeap,HeapAlloc,12_2_00007FF600A7E1D0
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600AA618C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00007FF600AA618C
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600AA66D8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FF600AA66D8
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600AA68C0 SetUnhandledExceptionFilter,12_2_00007FF600AA68C0
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600ACDEE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FF600ACDEE4
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668E9D990 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FF668E9D990
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 13_2_00007FF668F14010 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FF668F14010
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668E9D990 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_00007FF668E9D990
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeCode function: 16_2_00007FF668F14010 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00007FF668F14010
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exeCode function: 12_2_00007FF600A87640 GetModuleHandleA,GetProcAddress,AllocateAndInitializeSid,AllocateAndInitializeSid,GetCurrentProcess,AllocateAndInitializeSid,SetEntriesInAclA,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,FreeSid,FreeSid,FreeSid,LocalFree,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,12_2_00007FF600A87640
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ProgramData\FileOpen\Updates VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ProgramData\FileOpen\Updates\Lists VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ProgramData\FileOpen\Updates\L10n VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ProgramData\FileOpen\Updates\Lists\fotkLsts.lcd VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ProgramData\FileOpen\Updates\Lists\fotkLngs.lcd VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ProgramData\FileOpen\Updates\Lists\fotkCnfs.lcd VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ProgramData\FileOpen\Updates\Lists\fotkDrs.lcd VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ProgramData\FileOpen\Updates\Lists\fotkPrs.lcd VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ProgramData\FileOpen\Updates\Lists\fotkRds.lcd VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ProgramData\FileOpen\Updates\Lists\fotkNis.lcd VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ProgramData\FileOpen\Updates\Lists\fotkBus.lcd VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ProgramData\FileOpen\Updates\L10n\fotk_de.lcd VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ProgramData\FileOpen\Updates\L10n\fotk_fr.lcd VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ProgramData\FileOpen\Updates\L10n\fotk_zh.lcd VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exeQueries volume information: C:\ProgramData\FileOpen\Updates\L10n\fotk_ja.lcd VolumeInformationJump to behavior
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: EnumSystemLocalesW,12_2_00007FF600AEC1C8
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: GetACP,IsValidCodePage,GetLocaleInfoW,12_2_00007FF600AF8220
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: EnumSystemLocalesW,12_2_00007FF600AEC2EC
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: EnumSystemLocalesW,12_2_00007FF600AEC368
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: EnumSystemLocalesW,12_2_00007FF600AF85F0
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: EnumSystemLocalesW,12_2_00007FF600AF856C
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: EnumSystemLocalesW,12_2_00007FF600AF86C0
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,12_2_00007FF600AF8780
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: GetLocaleInfoW,12_2_00007FF600AF89CC
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,12_2_00007FF600AF8B24
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: GetLocaleInfoW,12_2_00007FF600AF8BF8
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,12_2_00007FF600AF8D24
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: GetLocaleInfoW,12_2_00007FF600AED2B4
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: 12_2_00007FF600B046C0 cpuid 12_2_00007FF600B046C0
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: 12_2_00007FF600AA6538 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,12_2_00007FF600AA6538
Source: C:\Program Files\FileOpen\Services\FileOpenBroker64.exe | Code function: 13_2_00007FF668F0ED98 GetTimeZoneInformation,13_2_00007FF668F0ED98
Source: C:\Program Files\FileOpen\Services\FileOpenManager64.exe | Code function: 12_2_00007FF600A7A230 GetVersion,12_2_00007FF600A7A230
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 12 Command and Scripting Interpreter | 16 Windows Service | 1 Access Token Manipulation | 3 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | 13 Service Execution | 1 Registry Run Keys / Startup Folder | 16 Windows Service | 1 Access Token Manipulation | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | 2 Native API | 1 DLL Side-Loading | 1 Process Injection | 1 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | 1 Registry Run Keys / Startup Folder | 11 Deobfuscate/Decode Files or Information | NTDS | 2 System Owner/User Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 4 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | 1 DLL Side-Loading | 1 Obfuscated Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 34 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
[Behavior graph: ID 800687, Sample: FileOpenInstaller.exe, Start date: 07/02/2023, Architecture: WINDOWS, Score: 16]

| Source | Detection | Scanner | Label |
|---|---|---|---|
| FileOpenInstaller.exe | 0% | Virustotal | |
| FileOpenInstaller.exe | 0% | ReversingLabs | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\FileOpen.api (copy) | 2% | ReversingLabs | |
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\FileOpen.api (copy) | 0% | Virustotal | |
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\is-GV932.tmp | 2% | ReversingLabs | |
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\is-GV932.tmp | 0% | Virustotal | |
| C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (copy) | 0% | ReversingLabs | |
| C:\Program Files\FileOpen\Services\FileOpenManager64.exe (copy) | 0% | ReversingLabs | |
| C:\Program Files\FileOpen\Services\is-FC998.tmp | 0% | ReversingLabs | |
| C:\Program Files\FileOpen\Services\is-JKV7N.tmp | 0% | ReversingLabs | |
| C:\Program Files\FileOpen\UtilDll.dll (copy) | 0% | ReversingLabs | |
| C:\Program Files\FileOpen\is-9KV5A.tmp | 0% | ReversingLabs | |
| C:\Program Files\FileOpen\is-NSHSA.tmp | 0% | ReversingLabs | |
| C:\Program Files\FileOpen\unins000.exe (copy) | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\is-K56MV.tmp\UtilDll.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\is-K56MV.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp | 0% | ReversingLabs | |

No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://www.remobjects.com/ps | 0% | Avira URL Cloud | safe |
| http://www.innosetup.com/ | 0% | Avira URL Cloud | safe |
| http://www.innosetup.com/ | 3% | Virustotal | |
| http://www.remobjects.com/ps | 1% | Virustotal | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| usr.fileopen.com | 72.3.136.136 | true | false | | high |
| plugin.fileopen.com | 72.3.136.132 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://usr.fileopen.com/check/usr/ZHAk7YpwDRdZvZq3ePSvK2nhY4hHWUX+9uW5qs0U4Ek= | false | | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://www.innosetup.com/ | FileOpenInstaller.exe, 00000000.00000003.2487120202.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.exe, 00000000.00000003.2484508219.0000000002820000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000000.2493227668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.dr | false | 3%, Virustotal; Avira URL Cloud: safe | unknown |
| http://fileopen.com/updates | FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003A30000.00000004.00001000.00020000.00000000.sdmp, FileOpenBroker64.exe, 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 0000000D.00000000.2735368706.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr, is-GV932.tmp.4.dr | false | | high |
| https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU | FileOpenInstaller.exe | false | | high |
| http://www.fileopen.com/request-tech-support/ | FileOpenInstaller.exe, 00000000.00000003.2795690428.000000000243E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2788287916.00000000025E1000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| https://usr.fileopen.com/check/usr/ZHAk7YpwDRdZvZq3ePSvK2nhY4hHWUX | FileOpenBroker64.exe, 0000000D.00000002.3718619772.000002253DDD0000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.fileopen.com/request-tech-support/Zhttp://www.fileopen.com/request-tech-support/ | FileOpenInstaller.exe, 00000000.00000003.2483235521.00000000026E0000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2499714116.0000000003650000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://fileopen.com | FileOpenBroker64.exe, FileOpenBroker64.exe, 00000010.00000000.2815621930.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr, is-GV932.tmp.4.dr | false | | high |
| http://www.fileopen.com/request-tech-support/q | FileOpenInstaller.tmp, 00000004.00000003.2788287916.00000000025E1000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://plugin.fileopen.com/. | FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003C5E000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003AB5000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000003.2775176990.0000000003A30000.00000004.00001000.00020000.00000000.sdmp, FileOpenBroker64.exe, 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 0000000D.00000000.2735368706.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 0000000D.00000002.3718619772.000002253DD40000.00000004.00000020.00020000.00000000.sdmp, FileOpenBroker64.exe, 00000010.00000000.2815055164.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, FileOpenBroker64.exe, 00000010.00000002.2817935948.0000021445E97000.00000004.00000020.00020000.00000000.sdmp, FileOpenBroker64.exe, 00000010.00000002.2820538293.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp, is-JKV7N.tmp.4.dr, is-GV932.tmp.4.dr | false | | high |
| http://www.fileopen.com/%sPlugin | is-GV932.tmp.4.dr | false | | high |
| http://www.fileopen.com/0 | FileOpenInstaller.exe, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.dr | false | | high |
| http://www.fileopen.com/request-tech-support/0A | FileOpenInstaller.exe, 00000000.00000003.2795690428.000000000243E000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| https://plugin.fileopen.com/installcomplete.ashx?Request=DocPerm&Stamp=1675795218&Mode=CNR&USR=10007 | FileOpenBroker64.exe, 0000000D.00000002.3720780457.000002253FA6B000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.remobjects.com/ps | FileOpenInstaller.exe, 00000000.00000003.2487120202.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.exe, 00000000.00000003.2484508219.0000000002820000.00000004.00001000.00020000.00000000.sdmp, FileOpenInstaller.tmp, 00000004.00000000.2493227668.0000000000401000.00000020.00000001.01000000.00000005.sdmp, is-NSHSA.tmp.4.dr, FileOpenInstaller.tmp.0.dr | false | 1%, Virustotal; Avira URL Cloud: safe | unknown |
| https://plugin.fileopen.com/installcomplete.ashx?Request=Setting&Stamp=1675795217&Mode=CNR&USR=10007 | FileOpenBroker64.exe, 0000000D.00000002.3720780457.000002253FA6B000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://usr.fileopen.com/_ | FileOpenBroker64.exe, 0000000D.00000002.3718619772.000002253DDD0000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://usr.fileopen.com/ | FileOpenBroker64.exe, 0000000D.00000002.3718619772.000002253DDD0000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.fileopen.com/%s | is-GV932.tmp.4.dr | false | | high |
| http://plugin.fileopen.com/.n | FileOpenBroker64.exe, 00000010.00000002.2817935948.0000021445E97000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://plugin.fileopen.com/ | FileOpenBroker64.exe, 0000000D.00000002.3720780457.000002253FA30000.00000004.00000020.00020000.00000000.sdmp, FileOpenBroker64.exe, 0000000D.00000002.3718619772.000002253DDD0000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://plugin.fileopen.com//& | FileOpenBroker64.exe, 0000000D.00000002.3720780457.000002253FA30000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 72.3.136.136 | usr.fileopen.com | United States | 33070 | RMH-14US | false |
| 72.3.136.132 | plugin.fileopen.com | United States | 33070 | RMH-14US | false |
Joe Sandbox Version:36.0.0 Rainbow Opal
Analysis ID:800687
Start date and time:2023-02-07 18:37:52 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 9m 18s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:Potential for more IOCs and behavior
Number of analysed new started processes analysed:19
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample file name:FileOpenInstaller.exe
Detection:CLEAN
Classification:clean16.winEXE@19/50@2/2
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 99.2% (good quality ratio 85%)
• Quality average: 65.4%
• Quality standard deviation: 35.9%
HCA Information:
• Successful, ratio: 64%
• Number of executed functions: 54
• Number of non-executed functions: 239
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, UsoClient.exe
• Excluded IPs from analysis (whitelisted): 2.19.126.92, 2.19.126.76, 2.21.22.155, 2.21.22.179
• Excluded domains from analysis (whitelisted): wdcpalt.microsoft.com, client.wns.windows.com, login.live.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, ctldl.windowsupdate.com, wdcp.microsoft.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

| Time | Type | Description |
|---|---|---|
| 18:40:11 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run FileOpenBroker "C:\Program Files\FileOpen\Services\FileOpenBroker64.exe" |

No context
No context
                                              No context
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):2241536
                                              Entropy (8bit):6.648410638768628
                                              Encrypted:false
                                              SSDEEP:49152:BusBOEuaRuJCN0900HR88Pix+oiDMpyQmdVqyWy9vSL6TzjolA:BuswEuaRzN090MRnP/fqyWyBS
                                              MD5:319DDB9C9900DD2BDFE2AF7009BF3A83
                                              SHA1:B5F8BB5055F944DFBC38720BC30C2747F2989116
                                              SHA-256:491673ED8FB7AFCF76204DD82079B365F4CD03EBC31452A40D45AA0F952038A5
                                              SHA-512:DFBBFCF35F39195C326AE7CA2B36224C460B4231AFA042562CE0DA0664316A5068A3BD7544937B53C6167412041DF7D0DB14612FFD11540D097998B52F060E1A
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 2%
                                              • Antivirus: Virustotal, Detection: 0%
                                              Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$............................................................................1....................}.......}.......}.......}.y.............}.......Rich....................PE..L......b...........!.........r................................................*.......................................................).......................).0.......T...............................@...............|............................text............................... ..`.rdata..............................@..@.data............L..................@....rsrc.........)...... !.............@..@.reloc..0.....)......2!.............@..B................................................................................................................................................................................................................................................................
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                              Category:dropped
                                              Size (bytes):2089968
                                              Entropy (8bit):6.41503010887335
                                              Encrypted:false
                                              SSDEEP:24576:R+hVl0FSQ2s1dPpvaTRNiNkedM/oyJv0AIOa9IOeBvAUaY0BAARMh8eh+YE7+D:wSFSQ2q9pCeKfv0AhRBvAUYWh8ea7+D
                                              MD5:DE1A88EBE38A4EB36E2C88B1A69A0251
                                              SHA1:4C81B58FB221AAC3B36C86A2376A42051F5FB160
                                              SHA-256:8741A8BB6FBFED7119C1BDECF8EF5C4E5FAEED79208CA1DD78675AC95492B135
                                              SHA-512:251D051FFEA15C050E61AE4E63F2FCBD50AAAFB92700756D850089D885C203D05AC9B75ABAAB62C767A7A948413D4EB616597BD893C06C557718E731EE52E336
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.........g..........................L.............................t.....g.................9......9......9......9...........9......Rich............PE..d......b.........."..........D.................@............................. !.....R. ...`..........................................c.......c........ ..........F...,.......!.....xP..T............................P..8...............x............................text............................... ..`.rdata..............................@..@.data............6...t..............@....pdata...F.......H..................@..@_RDATA........ .....................@..@.rsrc......... .....................@..@.reloc........!.. ..................@..B................................................................................................................................................................
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                              Category:dropped
                                              Size (bytes):846816
                                              Entropy (8bit):6.226678050362994
                                              Encrypted:false
                                              SSDEEP:12288:If7ehSp060uzFgjlo85lpywqZdLxCT79mXD4b:If72Sp0FuzFA6wqZdLxCTJM4b
                                              MD5:2ACE6BC0F8B1752879AD54D4EA1938D9
                                              SHA1:C08CAA63D122C0B1DCD6A0855FDD3907905370D8
                                              SHA-256:D9F13C6BC2F459DAD399BA4E300B054A2205E0D6EFF4353BA7A095F0388258C3
                                              SHA-512:2B6B4064A66F6482B639E9BC06A6179E649B0F55E57D1CC73647DD5A48010ED3C25E98C25EE4BDB9487DF28B268BDC9EA58455EB924A78B4342296034C884CF7
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........%..pK..pK..pK...O..pK...H..pK...N.2pK...O..pK...H..pK...M..pK...N..pK...J..pK..pJ.rpK...6..pK...%..pK...N..pK......pK..p...pK...I..pK.Rich.pK.................PE..d....b.........."......Z...~.......\.........@............................. .......D....`.................................................dJ..x....... ....p...t...z...q......t...h...T...............................8............p...............................text....X.......Z.................. ..`.rdata.......p.......^..............@..@.data........p.......P..............@....pdata...t...p...v..................@..@_RDATA...............b..............@..@.rsrc... ............d..............@..@.reloc..t............l..............@..B........................................................................................................................................................................
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):223744
                                              Entropy (8bit):6.552035196075477
                                              Encrypted:false
                                              SSDEEP:6144:Q4L7/E4GpmEXrLTilLKvMoiLQpQuK2cVAORcC75FI:K4GpmEXrLTiwvlQjuK2arR5FI
                                              MD5:79F2386CF7296E8661997193CF01BAAD
                                              SHA1:726FEA5EABC5B38981B1D6CC5B8BE01212C90616
                                              SHA-256:101EBA215EF5F833EC332DA2C803FBFF060EB55F32A88EC261B5C4192528E6DD
                                              SHA-512:123F4FFA772FDE8F901ABF12C49B78EB81975E5E5F38A8EF80C10B4CA08DA422C42EE72F51155FC87A6726217A29B0E8BF22CB927347D324D41E87485C5EFF7E
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|....p...p...p.us...p.uu.n.p.ut...p..mt...p..ms...p..mu..p.uq...p...q..p.Nly...p.Nlp...p.Nl....p.......p.Nlr...p.Rich..p.........PE..L...[F9`...........!.....$...P..............@............................................@..........................<..l....>..x....p.......................... "......p...............................@............@...............................text....#.......$.................. ..`.rdata.......@.......(..............@..@.data...T....P.......0..............@....rsrc........p.......@..............@..@.reloc.. ".......$...F..............@..B................................................................................................................................................................................................................................................................................................
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:PDF document, version 1.6 (zip deflate encoded)
                                              Category:dropped
                                              Size (bytes):162991
                                              Entropy (8bit):7.995368768567606
                                              Encrypted:true
                                              SSDEEP:3072:HAmvwgsSx/UW0CSz15sU1mHNPKYm+HfJkGspEX+OQJv5RComJGD:HbXdECSzvm9KIH7aM+yuD
                                              MD5:D020B6FF764F08684688E772BCCFFA99
                                              SHA1:117CCBA4D83B17914F4FF1FFE1996540A041C507
                                              SHA-256:A6EF65B36F8521FC67269B9FBD024C7E98E0207AE76C8BECA9B289F125F92383
                                              SHA-512:5C8E7FFD0CBB3205F9164EF83500A9353C3D3F052FA4167AB0F49DE44CA29CF90982CCD767646D339A64A0F26446CEC4BA447D1CFD71388B17DD47F0DFEE35F8
                                              Malicious:false
                                              Preview:%PDF-1.6.%......38 0 obj<</Linearized 1/L 162991/O 40/E 157459/N 1/T 162689/H [ 564 199]>>.endobj. ..66 0 obj<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<FE2312A4B89FD64A94044C8C74BAEF85><7653CFFF47F8504296A48EE78CC73A7D>]/Index[38 50]/Info 37 0 R/Length 128/Prev 162689/Root 39 0 R/Size 88/Type/XRef/W[1 3 1]/Encrypt 87 0 R>>stream..x.cbd`.``b``s....A$......Dr.....`.).T...`..`R.,..D2>....".?.E.A......$..7.m...E...m 2#..f,..f..u....K.*..].6...N...&.w 7\b....o..endstream.endobj.startxref..0..%%EOF.. ..86 0 obj<</C 131/Filter/FlateDecode/I 115/Length 113/S 38>>stream..x.c``.b``{.....`..........YL..........,."b..q.rD.m.o...K.....fj...l;..WB..@.OyF..):/...00UYC,`t..L...>.Q.........endstream.endobj. .. ..87 0 obj<</Filter/FOPN_foweb/V 1/Length 40/VEID(9.1)/BUILD(925)/SVID(InstallComplete)/DUID(D-700)/INFO(HgR50GSLkqXShHKestPel17ocyoslBDzOQxbbI1ggGDzJg3a0ibO9nsUYTCH8yDM/ivhsmBnq8p1Au54/T8cq0W8wU5aNOh8aIQgrHDt1oJStrQbMk6GhyM4Cfo
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):3119936
                                              Entropy (8bit):6.073128166324036
                                              Encrypted:false
                                              SSDEEP:49152:IR/KpmZubPf2S8W2ILeWl+C1p9jWy5Mnd0wigbLNDH:O/jtYLP1Sy5i0qH
                                              MD5:B7988AC379CEAA456BAA3EF19EB55263
                                              SHA1:15C13A91E64739C76FF48E20C5BB4182AAD94339
                                              SHA-256:69383793D354F2A95D88F610B0559F321F37C97197554CD1E9D6D30B038C352D
                                              SHA-512:22D4544911F496B22AF502869CBDFBC371617A418EB8010319D1842A862F84CA2CA23F1BE505C5F03BD404CB2EE5E489B1FE86B3047356ACE3965F5494AA9FA6
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....m^..................%...........%.......%...@..........................`0.....5./...@......@....................'.......&..5...0'.|+...........z/.@!................................... '.....................L.&.H.....&......................text.....%.......%................. ..`.itext...&....%..(....%............. ..`.data...dZ....%..\....%.............@....bss.....x...0&..........................idata...5....&..6....&.............@....didata.......&......@&.............@....edata........'......J&.............@..@.tls....D.....'..........................rdata..].... '......L&.............@..@.rsrc...|+...0'..,...N&.............@..@............. (......:'.............@..@........................................................
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:InnoSetup Log 64-bit FileOpen Client B998, version 0x418, 28298 bytes, 724536\37\user\37, C:\Program Files\FileOpen\376\377\377\007
                                              Category:dropped
                                              Size (bytes):28298
                                              Entropy (8bit):3.9283973556016476
                                              Encrypted:false
                                              SSDEEP:384:JCEwFsZAIXuAhKCVMneFqf8cGKBUorhr+2NQfiA1kK0bPImRZ8dAHM:JQIRYiBKBUoF62lbbZ4
                                              MD5:AC044F627C6750CDDEDC6466460B8335
                                              SHA1:F57FFA62EB27BD8DF86C010885F29A4ED1DE25C7
                                              SHA-256:16C0FD51135214FCEF99AB370B5D6E91478789115259887E5D6E8A36AE84030C
                                              SHA-512:60A5845FABA55BB9281D34F1F8AA99972BB33D11E85851E46D30AC7C8C9F3A2C0C484AB42CCE6439717EEA7466316EC9A368B8760FE148E58BA7FDA4CD2D5708
                                              Malicious:false
                                              Preview:Inno Setup Uninstall Log (b) 64-bit.............................FileOpenClient..................................................................................................................FileOpen Client B998.....................................................................................................................n.....................................................................................................................w.........d.j......o........7.2.4.5.3.6......A.r.t.h.u.r......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.i.l.e.O.p.e.n................(...}.. ......].......IFPS....'...P....................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM..........................................................................."..
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:InnoSetup messages, version 6.0.0, 243 messages (UTF-16), Cancel installation
                                              Category:dropped
                                              Size (bytes):23409
                                              Entropy (8bit):3.2729698372223375
                                              Encrypted:false
                                              SSDEEP:192:M1EXSCkf3STsfr69FTyPanTa1tznL7VF+Iqfc51U5YQDztXfbKJg/Bfvo:M196ir64+WX+7Q1U5YQDzt7/B3o
                                              MD5:DD3DDF5C06B1D597A1D4B0897CEAF095
                                              SHA1:E6BC22523D9AA34063FE76ED9108376DD35C7DD8
                                              SHA-256:B3F9AF6EC27F42D6F895794CCF28C4100FEFFDF20505E19C6C37A00826D6B82C
                                              SHA-512:80D57A14EF8AC41E6A1630C5CA4552421A5A6490BED6318068E5AB34440428DF4D7258199A8B06BF158604E079D4D2525DA5E75A781D0E1F15984208FD68268E
                                              Malicious:false
                                              Preview:Inno Setup Messages (6.0.0) (u).....................................$[...../.1.C.a.n.c.e.l. .i.n.s.t.a.l.l.a.t.i.o.n...S.e.l.e.c.t. .a.c.t.i.o.n...&.I.g.n.o.r.e. .t.h.e. .e.r.r.o.r. .a.n.d. .c.o.n.t.i.n.u.e...&.T.r.y. .a.g.a.i.n...&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4.....A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (12648), with no line terminators
                                              Category:dropped
                                              Size (bytes):12648
                                              Entropy (8bit):5.997991870273226
                                              Encrypted:false
                                              SSDEEP:384:vH6NHxuYvSxaFjN43mKAIz03TuslDR6mZ/juc:yNRuYvSxaFJRIqTvlDR6mZ/l
                                              MD5:1FF1A88C097A10AF0D2CB463BBB5E4C9
                                              SHA1:D149B1D0BCD84FAD9A4BD143E7837999BC840141
                                              SHA-256:3E077B1A201D71636DD045F7B2694AFEE90881DF97704B012DC947C7429492A7
                                              SHA-512:82AA26F7E0D877A0BEA8D55C57D4D6B98DF283C04360C730E6ED385A589D16438F9BC00B80609B48C33028202661E7343DD4A13A53AE31B6C9A4D8C2E63D1023
                                              Malicious:false
                                              Preview:lcd&00010000000000440000249600010072wfNamiz0xzddKQHtypz8XHsvOxPIrTqsHwI3kUHxIZw=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (12752), with no line terminators
                                              Category:dropped
                                              Size (bytes):12752
                                              Entropy (8bit):5.999182781405648
                                              Encrypted:false
                                              SSDEEP:384:b477Sr0GX7TA4Sx6RHk73hrtoueh5Fix0:b477SH/APE2hrto1h5B
                                              MD5:02D3A1C956563BA31087EE811BCF1F41
                                              SHA1:6BDDFE58549C328D810B15B37BF93BCFCAB1A14B
                                              SHA-256:E6DCD083958DB6FB9A3FB75A9ED320638C3CBF97B69AA24AAF68E96FB644F9F1
                                              SHA-512:A385C69D7CFD88F637D3553BEEFA502563E9620FBA1C502DBCB7CF868383F1CF86D6578FCCCE0EF6B5D0E246E1F94313FF6A3AC01B1529AC78DF5F376B76C3E2
                                              Malicious:false
                                              Preview:lcd&00010000000000440000249600010176wfNamiz0xzddKQHtypz8XHsvOxPIrTqsHwI3kUHxIZw=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (15400), with no line terminators
                                              Category:dropped
                                              Size (bytes):15400
                                              Entropy (8bit):5.998963228052221
                                              Encrypted:false
                                              SSDEEP:192:sT4SmJg9IPU7nKZ7FknvIyD4s892kYOPM/vUm7Z1pTD/fOa8n9td6XBgD9IEbHxO:+4SuPUmXknvb04kXoMmjpH/GtnOBShK
                                              MD5:7DD5A9A2ED2E595E660EAB7B06449720
                                              SHA1:992CAD591FB818A66DFEC96CC32B5B94739692FF
                                              SHA-256:168ED420AB4AC7C5468362EE5804A1EE1BC2304B3A61884ADF1D9E764E66F889
                                              SHA-512:2C335278E6E67FD26AF6DCFC50417CB70EA35BDB4ABA5185F023AEC6BA1948F096677B4A6DA3539B746CC79378F6DAB82F386995CD56F3BD9F977815B11FE699
                                              Malicious:false
                                              Preview:lcd&00010000000000440000249600012824wfNamiz0xzddKQHtypz8XHsvOxPIrTqsHwI3kUHxIZw=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (10172), with no line terminators
                                              Category:dropped
                                              Size (bytes):10172
                                              Entropy (8bit):5.999002101128432
                                              Encrypted:false
                                              SSDEEP:192:HQzOr83z8zOvnbYPEe5MXjzo2LvLXuqQGgfPuVC9ZMCNVm:HQTz8zO086M42LvcPuVL+Vm
                                              MD5:03F4D28B17CE89CFE4C288EF7225451F
                                              SHA1:3470AD6103983DAABEE0D8494E891123BCA9804A
                                              SHA-256:7C7509711730827DA1A713398845A2E09ADDE8ECFCA07DB04B47F34EECE52493
                                              SHA-512:50EBDBA872C08D18C54AEBA31C025DE7203C0E1444CDA541857715BB186358C8D8C186F0419EDD9A5C02E03D98D44B95C0EDC4549CF725578CEBD667482A3326
                                              Malicious:false
                                              Preview:lcd&00010000000000440000249600007596wfNamiz0xzddKQHtypz8XHsvOxPIrTqsHwI3kUHxIZw=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (12752), with no line terminators
                                              Category:dropped
                                              Size (bytes):12752
                                              Entropy (8bit):5.999182781405648
                                              Encrypted:false
                                              SSDEEP:384:b477Sr0GX7TA4Sx6RHk73hrtoueh5Fix0:b477SH/APE2hrto1h5B
                                              MD5:02D3A1C956563BA31087EE811BCF1F41
                                              SHA1:6BDDFE58549C328D810B15B37BF93BCFCAB1A14B
                                              SHA-256:E6DCD083958DB6FB9A3FB75A9ED320638C3CBF97B69AA24AAF68E96FB644F9F1
                                              SHA-512:A385C69D7CFD88F637D3553BEEFA502563E9620FBA1C502DBCB7CF868383F1CF86D6578FCCCE0EF6B5D0E246E1F94313FF6A3AC01B1529AC78DF5F376B76C3E2
                                              Malicious:false
                                              Preview:lcd&00010000000000440000249600010176wfNamiz0xzddKQHtypz8XHsvOxPIrTqsHwI3kUHxIZw=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (12648), with no line terminators
                                              Category:dropped
                                              Size (bytes):12648
                                              Entropy (8bit):5.997991870273226
                                              Encrypted:false
                                              SSDEEP:384:vH6NHxuYvSxaFjN43mKAIz03TuslDR6mZ/juc:yNRuYvSxaFJRIqTvlDR6mZ/l
                                              MD5:1FF1A88C097A10AF0D2CB463BBB5E4C9
                                              SHA1:D149B1D0BCD84FAD9A4BD143E7837999BC840141
                                              SHA-256:3E077B1A201D71636DD045F7B2694AFEE90881DF97704B012DC947C7429492A7
                                              SHA-512:82AA26F7E0D877A0BEA8D55C57D4D6B98DF283C04360C730E6ED385A589D16438F9BC00B80609B48C33028202661E7343DD4A13A53AE31B6C9A4D8C2E63D1023
                                              Malicious:false
                                              Preview:lcd&00010000000000440000249600010072wfNamiz0xzddKQHtypz8XHsvOxPIrTqsHwI3kUHxIZw=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (15400), with no line terminators
                                              Category:dropped
                                              Size (bytes):15400
                                              Entropy (8bit):5.998963228052221
                                              Encrypted:false
                                              SSDEEP:192:sT4SmJg9IPU7nKZ7FknvIyD4s892kYOPM/vUm7Z1pTD/fOa8n9td6XBgD9IEbHxO:+4SuPUmXknvb04kXoMmjpH/GtnOBShK
                                              MD5:7DD5A9A2ED2E595E660EAB7B06449720
                                              SHA1:992CAD591FB818A66DFEC96CC32B5B94739692FF
                                              SHA-256:168ED420AB4AC7C5468362EE5804A1EE1BC2304B3A61884ADF1D9E764E66F889
                                              SHA-512:2C335278E6E67FD26AF6DCFC50417CB70EA35BDB4ABA5185F023AEC6BA1948F096677B4A6DA3539B746CC79378F6DAB82F386995CD56F3BD9F977815B11FE699
                                              Malicious:false
                                              Preview:lcd&00010000000000440000249600012824wfNamiz0xzddKQHtypz8XHsvOxPIrTqsHwI3kUHxIZw=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (10172), with no line terminators
                                              Category:dropped
                                              Size (bytes):10172
                                              Entropy (8bit):5.999002101128432
                                              Encrypted:false
                                              SSDEEP:192:HQzOr83z8zOvnbYPEe5MXjzo2LvLXuqQGgfPuVC9ZMCNVm:HQTz8zO086M42LvcPuVL+Vm
                                              MD5:03F4D28B17CE89CFE4C288EF7225451F
                                              SHA1:3470AD6103983DAABEE0D8494E891123BCA9804A
                                              SHA-256:7C7509711730827DA1A713398845A2E09ADDE8ECFCA07DB04B47F34EECE52493
                                              SHA-512:50EBDBA872C08D18C54AEBA31C025DE7203C0E1444CDA541857715BB186358C8D8C186F0419EDD9A5C02E03D98D44B95C0EDC4549CF725578CEBD667482A3326
                                              Malicious:false
                                              Preview:lcd&00010000000000440000249600007596wfNamiz0xzddKQHtypz8XHsvOxPIrTqsHwI3kUHxIZw=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (7568), with no line terminators
                                              Category:dropped
                                              Size (bytes):7568
                                              Entropy (8bit):5.994994247200588
                                              Encrypted:false
                                              SSDEEP:192:by7MRsGZtKD5PXgQn2aZgqi3ycNBiEd5vtgZ86VVV0Kq:uIRsgg5P12aiqI5v63GKq
                                              MD5:8C21D08BA2B447A7C85FA5575A3E57EE
                                              SHA1:A07E68F1613AD29A8274A07B6EC03B6266C06F15
                                              SHA-256:BB6DFD0A1F9FA1658FA75BDC117F601398D9D132453EE7A7D1B858AED29E42F9
                                              SHA-512:0AB5767C4EE3D0CFBA28174C8A3FB6BB9326E1BF66554AEFD4549C41FA096DEEFE76A6150DA3C577E6C99B40EFD3151C0A96D6460F3DD266F5928156D58CF56A
                                              Malicious:false
                                              Preview:lcd&00010000000000440000748800000000wfNamjzkzT1BNRD8ypz8XHsvOxLIrTqsHwI36UHxId8=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):80
                                              Entropy (8bit):4.142037796599528
                                              Encrypted:false
                                              SSDEEP:3:5VvXjyoyRd2tUquhItSjt/n:5k7KUquhItSt/n
                                              MD5:CA943A39A4F5DD13E54089690FEC080A
                                              SHA1:0DC95BE92BF165A841D1881BC2A14212C31F4792
                                              SHA-256:FDF6D2CBF65EDCF9E84B66D484BA0FD18FAD427E3EB1BF332C94CADDF1D7EC63
                                              SHA-512:EE0051B72252A61399E53288CD23EEE59CA4A7139E941A07B750281CFCB77BFD143453BF86F54C03CAD39CABECA7CEC2C5E4D1DC1B8A41E16FB174FA131966FE
                                              Malicious:false
                                              Preview:lcd&00010000000000440000000000000000wfNamjzkzT1BNRD8ypz8XHsvOxzIrTqtHwI3gUHxIek=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (7248), with no line terminators
                                              Category:dropped
                                              Size (bytes):7248
                                              Entropy (8bit):5.997073501805218
                                              Encrypted:false
                                              SSDEEP:192:bfzTsUutE1urhpa053dRffUnm309gNCSBgEYpKn2qV/2:bfzTsVEwrTV3zHIUYJpjz
                                              MD5:30FE73410C791D4BF1D7A1FDCEA9E54A
                                              SHA1:ED3EB0A5F503D1B7F84D19592249E0E7409E31EB
                                              SHA-256:366C3AA0A8F734B055D685D1B4783C95B2E1830B7F25319B3577FFA3E66AA2B5
                                              SHA-512:DD76385E04704077E0972DB4BB58629538884A316F8B8EC5C75B7597B66D80A5C20C243A6BA70F67F4492C95BB86D04053E8F7D7DFD8CFF5BC803B286C52FF2D
                                              Malicious:false
                                              Preview:lcd&00010000000000440000716800000000wfNamjzkzT1BNRD8ypz8XHsvOxbIrTqsHwI3AUHxIcM=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (720), with no line terminators
                                              Category:dropped
                                              Size (bytes):720
                                              Entropy (8bit):5.900569033555435
                                              Encrypted:false
                                              SSDEEP:12:4IHoMwA+gmo1buxC1iXXTpNsoUSFLuQPC+ZkGVg0J3DAiWNOcoJAAijBuDotI:/HoMwAyoMCkXXlWo1LE+2GK0Jal6
                                              MD5:55D02DA6997B22D40AC0BBD083D0D79E
                                              SHA1:5802069EBC18E6B83EF9974E1E88A5DC9AEF3F16
                                              SHA-256:323CA3057BBCD45288E40132953CD66B7F2AA1A403FA3D336F7E395FB51F94C3
                                              SHA-512:4B78F7B57FD666ADA151CFEF2ABAB34A09B5270BE7F7651AEF0AAA1263512C8B35DCB09B70481F010D10417F9D71D13B86A6A51DC77C0FDCA6D50BC5561D69A5
                                              Malicious:false
                                              Preview:lcd&00010000000000440000064000000000wfNamjzkzT1BNRD8ypz8XHsvOxPIrTqsHwI3+UHxIe0=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (1104), with no line terminators
                                              Category:dropped
                                              Size (bytes):1104
                                              Entropy (8bit):5.9577061260906765
                                              Encrypted:false
                                              SSDEEP:24:q7VsiyT/NCkWaPIHxby827qIlU7gXcwl9ji5JMvX:uwjNFIRmPVU8qO/
                                              MD5:DE68D51F9BFED85374972FC4B778C7FE
                                              SHA1:70CF0EB0A85E503F56D91404E3C25D140FA462F4
                                              SHA-256:3115D9807B7F4558FA79D09F3DDEBCFD41AF2FA4761B006F108F9817165F0665
                                              SHA-512:37FE62C56CDC889B321C650D87554715113710E081BAE7B35F7C8D52DEF73A7C3E28FDDACD3BBF48270BCBFAEA27DFDA49E0D5E6DEC1A9EF9E8A1B88085EF53A
                                              Malicious:false
                                              Preview:lcd&00010000000000440000102400000000wfNamjzkzT1BNRD8ypz8XHsvOxXIrTqsHwI34UHxIeE=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (2640), with no line terminators
                                              Category:dropped
                                              Size (bytes):2640
                                              Entropy (8bit):5.987942858685715
                                              Encrypted:false
                                              SSDEEP:48:jDSdbGs0gEvopAOW+ChoamiiaAlptDCHdWdy5jqbx3saHOHz8:Sd10PAXnCuamiivAHkdaqb298
                                              MD5:7F9D763543F94CA15B7158ADA872C7E4
                                              SHA1:9661F3C85A6E583EB455E50488530D40B5FD6C56
                                              SHA-256:6E3C654DA94BF2DAB61704FA4787747DA578DF0EA8A7B808A7943E1D506FB373
                                              SHA-512:0F2ACD1B623362B15C1D634B6E18E14452EAE3BA6F984EEEF2496094EBB258B62EDA2CE607FC99F571EEF54E92507650BB83BA2EBBEAAC223D2346D343DEA871
                                              Malicious:false
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (2960), with no line terminators
                                              Category:dropped
                                              Size (bytes):2960
                                              Entropy (8bit):5.986739218510661
                                              Encrypted:false
                                              SSDEEP:48:3jiESWGhYjEvKaAZ/m7g5Tk0oqmiia4k7qYebCuFbx3JnFpOHdxK/xB:3WYQyPukGNqmii27qYsFbAK/xB
                                              MD5:DD46349E256F66DA49E6ED04DAD039DE
                                              SHA1:32929544444286C63FA674F56BD19171EB851AAB
                                              SHA-256:D658B0AA15C2E36AD2C4C08BCED8693E525387822A1604DAA26D81BBFB6DF6B1
                                              SHA-512:29E9BDCBE21D95DF93FABAF280B90C7FF860B64D692F2492ED642479C0306118F2032EDB6E7FA216687EFB963E71C4F691BAA301060BAE838916047B2AE782EF
                                              Malicious:false
                                              Preview:lcd&00010000000000440000288000000000wfNamjzkzT1BNRD8ypz8XHsvOxfIrTqsHwI3yUHxIfc=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (424), with no line terminators
                                              Category:dropped
                                              Size (bytes):424
                                              Entropy (8bit):5.806054763135282
                                              Encrypted:false
                                              SSDEEP:6:5uRL07KUqCkuYOH6jZPTxDtoIbL6zn9qjAWQbiyT8/KjXPlvNsKOioDUX0bOWxTh:wWIdo6lPTvnFTx/KTpNsoR0yWx5LT
                                              MD5:BABA88923DACAC1B9FFCCD1CAA783903
                                              SHA1:BD9C1D4176B709671310EB31C197E54311DF2E09
                                              SHA-256:06793859377ADE0F42F713178559A3189B9118884CC9D783E98C36820BEAB899
                                              SHA-512:C834660D40616847458D21287692BB809101653EE8A29EB24AAC7D7AC6D9967BD78866081216848E073D50ED2E30EF4219CC13BB494A5F6C0201B27CEA5D0ED8
                                              Malicious:false
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (1104), with no line terminators
                                              Category:dropped
                                              Size (bytes):1104
                                              Entropy (8bit):5.9577061260906765
                                              Encrypted:false
                                              SSDEEP:24:q7VsiyT/NCkWaPIHxby827qIlU7gXcwl9ji5JMvX:uwjNFIRmPVU8qO/
                                              MD5:DE68D51F9BFED85374972FC4B778C7FE
                                              SHA1:70CF0EB0A85E503F56D91404E3C25D140FA462F4
                                              SHA-256:3115D9807B7F4558FA79D09F3DDEBCFD41AF2FA4761B006F108F9817165F0665
                                              SHA-512:37FE62C56CDC889B321C650D87554715113710E081BAE7B35F7C8D52DEF73A7C3E28FDDACD3BBF48270BCBFAEA27DFDA49E0D5E6DEC1A9EF9E8A1B88085EF53A
                                              Malicious:false
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (424), with no line terminators
                                              Category:dropped
                                              Size (bytes):424
                                              Entropy (8bit):5.806054763135282
                                              Encrypted:false
                                              SSDEEP:6:5uRL07KUqCkuYOH6jZPTxDtoIbL6zn9qjAWQbiyT8/KjXPlvNsKOioDUX0bOWxTh:wWIdo6lPTvnFTx/KTpNsoR0yWx5LT
                                              MD5:BABA88923DACAC1B9FFCCD1CAA783903
                                              SHA1:BD9C1D4176B709671310EB31C197E54311DF2E09
                                              SHA-256:06793859377ADE0F42F713178559A3189B9118884CC9D783E98C36820BEAB899
                                              SHA-512:C834660D40616847458D21287692BB809101653EE8A29EB24AAC7D7AC6D9967BD78866081216848E073D50ED2E30EF4219CC13BB494A5F6C0201B27CEA5D0ED8
                                              Malicious:false
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (2640), with no line terminators
                                              Category:dropped
                                              Size (bytes):2640
                                              Entropy (8bit):5.987942858685715
                                              Encrypted:false
                                              SSDEEP:48:jDSdbGs0gEvopAOW+ChoamiiaAlptDCHdWdy5jqbx3saHOHz8:Sd10PAXnCuamiivAHkdaqb298
                                              MD5:7F9D763543F94CA15B7158ADA872C7E4
                                              SHA1:9661F3C85A6E583EB455E50488530D40B5FD6C56
                                              SHA-256:6E3C654DA94BF2DAB61704FA4787747DA578DF0EA8A7B808A7943E1D506FB373
                                              SHA-512:0F2ACD1B623362B15C1D634B6E18E14452EAE3BA6F984EEEF2496094EBB258B62EDA2CE607FC99F571EEF54E92507650BB83BA2EBBEAAC223D2346D343DEA871
                                              Malicious:false
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (720), with no line terminators
                                              Category:dropped
                                              Size (bytes):720
                                              Entropy (8bit):5.900569033555435
                                              Encrypted:false
                                              SSDEEP:12:4IHoMwA+gmo1buxC1iXXTpNsoUSFLuQPC+ZkGVg0J3DAiWNOcoJAAijBuDotI:/HoMwAyoMCkXXlWo1LE+2GK0Jal6
                                              MD5:55D02DA6997B22D40AC0BBD083D0D79E
                                              SHA1:5802069EBC18E6B83EF9974E1E88A5DC9AEF3F16
                                              SHA-256:323CA3057BBCD45288E40132953CD66B7F2AA1A403FA3D336F7E395FB51F94C3
                                              SHA-512:4B78F7B57FD666ADA151CFEF2ABAB34A09B5270BE7F7651AEF0AAA1263512C8B35DCB09B70481F010D10417F9D71D13B86A6A51DC77C0FDCA6D50BC5561D69A5
                                              Malicious:false
                                              Preview:lcd&00010000000000440000064000000000wfNamjzkzT1BNRD8ypz8XHsvOxPIrTqsHwI3+UHxIe0=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (2960), with no line terminators
                                              Category:dropped
                                              Size (bytes):2960
                                              Entropy (8bit):5.986739218510661
                                              Encrypted:false
                                              SSDEEP:48:3jiESWGhYjEvKaAZ/m7g5Tk0oqmiia4k7qYebCuFbx3JnFpOHdxK/xB:3WYQyPukGNqmii27qYsFbAK/xB
                                              MD5:DD46349E256F66DA49E6ED04DAD039DE
                                              SHA1:32929544444286C63FA674F56BD19171EB851AAB
                                              SHA-256:D658B0AA15C2E36AD2C4C08BCED8693E525387822A1604DAA26D81BBFB6DF6B1
                                              SHA-512:29E9BDCBE21D95DF93FABAF280B90C7FF860B64D692F2492ED642479C0306118F2032EDB6E7FA216687EFB963E71C4F691BAA301060BAE838916047B2AE782EF
                                              Malicious:false
                                              Preview:lcd&00010000000000440000288000000000wfNamjzkzT1BNRD8ypz8XHsvOxfIrTqsHwI3yUHxIfc=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (7568), with no line terminators
                                              Category:dropped
                                              Size (bytes):7568
                                              Entropy (8bit):5.994994247200588
                                              Encrypted:false
                                              SSDEEP:192:by7MRsGZtKD5PXgQn2aZgqi3ycNBiEd5vtgZ86VVV0Kq:uIRsgg5P12aiqI5v63GKq
                                              MD5:8C21D08BA2B447A7C85FA5575A3E57EE
                                              SHA1:A07E68F1613AD29A8274A07B6EC03B6266C06F15
                                              SHA-256:BB6DFD0A1F9FA1658FA75BDC117F601398D9D132453EE7A7D1B858AED29E42F9
                                              SHA-512:0AB5767C4EE3D0CFBA28174C8A3FB6BB9326E1BF66554AEFD4549C41FA096DEEFE76A6150DA3C577E6C99B40EFD3151C0A96D6460F3DD266F5928156D58CF56A
                                              Malicious:false
                                              Preview:lcd&00010000000000440000748800000000wfNamjzkzT1BNRD8ypz8XHsvOxLIrTqsHwI36UHxId8=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):80
                                              Entropy (8bit):4.142037796599528
                                              Encrypted:false
                                              SSDEEP:3:5VvXjyoyRd2tUquhItSjt/n:5k7KUquhItSt/n
                                              MD5:CA943A39A4F5DD13E54089690FEC080A
                                              SHA1:0DC95BE92BF165A841D1881BC2A14212C31F4792
                                              SHA-256:FDF6D2CBF65EDCF9E84B66D484BA0FD18FAD427E3EB1BF332C94CADDF1D7EC63
                                              SHA-512:EE0051B72252A61399E53288CD23EEE59CA4A7139E941A07B750281CFCB77BFD143453BF86F54C03CAD39CABECA7CEC2C5E4D1DC1B8A41E16FB174FA131966FE
                                              Malicious:false
                                              Preview:lcd&00010000000000440000000000000000wfNamjzkzT1BNRD8ypz8XHsvOxzIrTqtHwI3gUHxIek=
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:ASCII text, with very long lines (7248), with no line terminators
                                              Category:dropped
                                              Size (bytes):7248
                                              Entropy (8bit):5.997073501805218
                                              Encrypted:false
                                              SSDEEP:192:bfzTsUutE1urhpa053dRffUnm309gNCSBgEYpKn2qV/2:bfzTsVEwrTV3zHIUYJpjz
                                              MD5:30FE73410C791D4BF1D7A1FDCEA9E54A
                                              SHA1:ED3EB0A5F503D1B7F84D19592249E0E7409E31EB
                                              SHA-256:366C3AA0A8F734B055D685D1B4783C95B2E1830B7F25319B3577FFA3E66AA2B5
                                              SHA-512:DD76385E04704077E0972DB4BB58629538884A316F8B8EC5C75B7597B66D80A5C20C243A6BA70F67F4492C95BB86D04053E8F7D7DFD8CFF5BC803B286C52FF2D
                                              Malicious:false
                                              Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                              File Type:SQLite 3.x database, last written using SQLite version 3035004, file counter 22, database pages 16, 1st free page 12, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 22
                                              Category:dropped
                                              Size (bytes):65536
                                              Entropy (8bit):4.151918324786366
                                              Encrypted:false
                                              SSDEEP:384:vedThotEL38KXlOmrhSZsLRGlMapvC+8ZsLTT1SwIvV:JK+ZsL7ZsLP1iV
                                              MD5:D058D6CD99A7455EEBBF633D891E4B5E
                                              SHA1:70F65A4153CE5926CA34B09AFCAE78046F7925DE
                                              SHA-256:9F762476756F2A65B023D16D651F6BC63ACF9C59D19A86EF70A19D2702545A0C
                                              SHA-512:31C9FCED9D45CF69D376A00578B5B1B6D2D05A7C2E2A6B65F18EE761BA5AAA7B81B8901E134DA1644F86726CDEC2F6C8BFA711A684D873CC4DF114BC75D999CC
                                              Malicious:false
                                              Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                              File Type:SQLite Rollback Journal
                                              Category:dropped
                                              Size (bytes):8720
                                              Entropy (8bit):3.2041765369956123
                                              Encrypted:false
                                              SSDEEP:48:7MWECiolVaioldol1Nol1Aiol1RROiol1+EMol1C0f5ol15iolBxqumFTIF3XmHd:7F9paSMm0SjG9IVXEBodRBkD
                                              MD5:D2B7CE307691325B4E04CF50EEAD8E30
                                              SHA1:3FD1DB1CC08735BF7D7387426266B34F0573CEA4
                                              SHA-256:3E45607EED54B74890CC34DA0B7C58CD3D983BA4489523E1BC1A53C6F6CC1FD9
                                              SHA-512:D73A637025FEFAF0D8EF27FD52509BFDE0F55A3194328D9F6C13A0D9FD248D5DAB3F2C65D08DA76C2A4D8819003A5B030FD5A8E6D09266CE2224472F9E5454F4
                                              Malicious:false
                                              Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                              File Type:PostScript document text
                                              Category:dropped
                                              Size (bytes):110694
                                              Entropy (8bit):5.190261286653695
                                              Encrypted:false
                                              SSDEEP:1536:JgN4DipADWp1ttawvayjLgs1RY4V9gMRpF6j37cNp3yrjDlro/qu9rp:WaDls1RY4V9gMRpF6j37cNp3yrjA
                                              MD5:F94C322499A42D2F2D40561BB14B8397
                                              SHA1:526645D16C28BF57406A8B96AB27A97C8AFD21F6
                                              SHA-256:A3A862B90DE7C071196DD65C81C6E6DAAB486537FF4CABF5003D2411B2CE9B42
                                              SHA-512:1E31084AC3D1484E88970026FF7BAD1F6C4E5CC5B09A53B20A49833878A0A983E1E7778CE8B74C2CAC24F1F77DBA372771D761A7D06C031C504596BF17A29E3A
                                              Malicious:false
                                              Preview:%!Adobe-FontList 1.22.%Locale:0x409..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:ArialMT.FamilyName:Arial.StyleName:Regular.MenuName:Arial.StyleBits:0.WeightClass:400.WidthClass:5.AngleClass:0.FullName:Arial.WritingScript:Roman.hasSVG:no.VariableFontType:NonVariableFont.WinName:Arial.FileLength:1036584.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial.NameArray:0,Win,1,Arial.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Arial-Black.FamilyName:Arial.StyleName:Black.MenuName:Arial Black.StyleBits:0.WeightClass:900.WidthClass:5.AngleClass:0.FullName:Arial Black.WritingScript:Roman.hasSVG:no.VariableFontType:NonVariableFont.WinName:Arial Black.FileLength:167592.NameArray:0,Win,1,Arial Black.NameArray:0,Mac,4,Arial Black.NameArray:0,Win,1,Arial Black.NameArray:0,Win,16,Arial.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Arial-BoldMT.FamilyName:Arial.StyleName:Bold.MenuName:Arial.StyleBits:2.WeightClass:700.WidthClass:5.AngleClass:0.
                                              Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                              File Type:PostScript document text
                                              Category:dropped
                                              Size (bytes):110694
                                              Entropy (8bit):5.190261286653695
                                              Encrypted:false
                                              SSDEEP:1536:JgN4DipADWp1ttawvayjLgs1RY4V9gMRpF6j37cNp3yrjDlro/qu9rp:WaDls1RY4V9gMRpF6j37cNp3yrjA
                                              MD5:F94C322499A42D2F2D40561BB14B8397
                                              SHA1:526645D16C28BF57406A8B96AB27A97C8AFD21F6
                                              SHA-256:A3A862B90DE7C071196DD65C81C6E6DAAB486537FF4CABF5003D2411B2CE9B42
                                              SHA-512:1E31084AC3D1484E88970026FF7BAD1F6C4E5CC5B09A53B20A49833878A0A983E1E7778CE8B74C2CAC24F1F77DBA372771D761A7D06C031C504596BF17A29E3A
                                              Malicious:false
                                              Preview:%!Adobe-FontList 1.22.%Locale:0x409..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:ArialMT.FamilyName:Arial.StyleName:Regular.MenuName:Arial.StyleBits:0.WeightClass:400.WidthClass:5.AngleClass:0.FullName:Arial.WritingScript:Roman.hasSVG:no.VariableFontType:NonVariableFont.WinName:Arial.FileLength:1036584.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial.NameArray:0,Win,1,Arial.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Arial-Black.FamilyName:Arial.StyleName:Black.MenuName:Arial Black.StyleBits:0.WeightClass:900.WidthClass:5.AngleClass:0.FullName:Arial Black.WritingScript:Roman.hasSVG:no.VariableFontType:NonVariableFont.WinName:Arial Black.FileLength:167592.NameArray:0,Win,1,Arial Black.NameArray:0,Mac,4,Arial Black.NameArray:0,Win,1,Arial Black.NameArray:0,Win,16,Arial.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Arial-BoldMT.FamilyName:Arial.StyleName:Bold.MenuName:Arial.StyleBits:2.WeightClass:700.WidthClass:5.AngleClass:0.
                                              Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):4
                                              Entropy (8bit):0.8112781244591328
                                              Encrypted:false
                                              SSDEEP:3:e:e
                                              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                              Malicious:false
                                              Preview:....
                                              Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                              File Type:JSON data
                                              Category:dropped
                                              Size (bytes):945
                                              Entropy (8bit):5.084822438547672
                                              Encrypted:false
                                              SSDEEP:24:YFubaRCzi56W9fg56Uxvj56R2clx2LSC56+Xma560OG:YgY8i56W9o56+56RdxY56+Xma56w
                                              MD5:9B25B5445ECA39016DC30DE44FD9539A
                                              SHA1:520C63BEBDC323CC349C6DAA1C8EA30886A18DE3
                                              SHA-256:DB65364D109DCB21B7A0E8B8C3889BAD6AFAFAA63D2A85871FF5081AAD3611D1
                                              SHA-512:17751C25AFBF562BE4BD4E57E0B27BF5CBFD6ABA95B3DCD807F9AF25E75EA560839F1BCDBB053FAC73FAD32581E7D4CFBE8FFA7D9C1AAEE2BC619AFE01D37E4C
                                              Malicious:false
                                              Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1675795219000},{"id":"Edit_InApp_Aug2020","info":{"dg":"2646f0f0f5dd62f2d56ca1c033033c58","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1642668697000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"6b5098d964b65c5397b668715cc670a2","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1393,"ts":1642668697000},{"id":"DC_Reader_Upsell_Cards","info":{"dg":"0e188ce3b10d082e729bd3a233cfaf51","sid":"DC_Reader_Upsell_Cards"},"mimeType":"file","size":286,"ts":1642668697000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"74af15052665af89ad7102a0cb63a33a","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1642668697000},{"id":"DC_Reader_RHP_Retention","info":{"dg":"38b4eab1fcf9ab6a31440a452fcbde2b","sid":"DC_Reader_RHP_Retention"},"mimeType":"file","size":287,"ts":1642668697000}],"g_info":{"Version":"0.0.0.1"}}
                                              Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):40393
                                              Entropy (8bit):5.517981962339109
                                              Encrypted:false
                                              SSDEEP:384:K7X4oyVFMqnBkPa2wy+QZ0KEJrgL1KsYNg7y:KT4oyVFMQBoaLy+QZ0KEJ6Yyu
                                              MD5:E8E7E38218B5033FEEF933576AD02510
                                              SHA1:38BF9C8E07B2164CA4547D1AC742E503A0D3410C
                                              SHA-256:CA3F67BA69A8BA7848B5D832709B04C180655E7FEE7A7B566B32B5AA1C5CC4C8
                                              SHA-512:896BC5A6E217D7B2A896F465D5CDF21CF5A7DF96B9389E2BF70D3AD0C5F36C9B45E4A1F32D571349E4C7E9C2B881FD934A1C449C7108621D36D9981A6C84091E
                                              Malicious:false
                                              Preview:4.241.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.107.FID.2:o:........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.103.FID.2:o:........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.116.FID.2:o:........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.98.FID.2:o:........:F:Arial-BoldItalicMT.P:Arial Bold Italic.L:$.........................."F:Arial.#.91.FID.2:o:........:F:Arial-Black.P:Arial Black.L:-.........................."F:Arial Black.#.103.FID.2:o:........:F:Bahnschrift.P:Bahnschrift Light.L:&...............,.........."F:Bahnschrift Light.#.
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):21453
                                              Entropy (8bit):5.12277210742906
                                              Encrypted:false
                                              SSDEEP:384:hwZpMJvlfGLekAD6BFxie6vjphYjSYfJ00c:h+8mjlfJ00c
                                              MD5:74BEFA61F838AD6178FD091F41640A01
                                              SHA1:4F01B78C105F010882965AA1703DE7364BFD4785
                                              SHA-256:1A4F9AE259E6008493B0C11CC8E9C22D856A95337213382FEA2B5ACFBD1A7737
                                              SHA-512:600D99672AB1B074A590A31A7BD547F79EF1894FBB377DEDBDA2702586AFE8B509D962133DF40910A261B73B7A31C227BA512FBD13AACE3B1BE4707738463E89
                                              Malicious:false
                                              Preview:.2023-02-07 18:39:47.989 Log opened. (Time zone: UTC+00:00)..2023-02-07 18:39:47.989 Setup version: Inno Setup version 6.0.4 (u)..2023-02-07 18:39:47.989 Original Setup EXE: C:\Users\user\Desktop\FileOpenInstaller.exe..2023-02-07 18:39:47.989 Setup command line: /SL5="$6040A,6054369,1320960,C:\Users\user\Desktop\FileOpenInstaller.exe" ..2023-02-07 18:39:47.989 Windows version: 10.0.19042 (NT platform: Yes)..2023-02-07 18:39:47.989 64-bit Windows: Yes..2023-02-07 18:39:47.989 Processor architecture: x64..2023-02-07 18:39:47.989 User privileges: Administrative..2023-02-07 18:39:48.333 Administrative install mode: Yes..2023-02-07 18:39:48.333 Install mode root key: HKEY_LOCAL_MACHINE..2023-02-07 18:39:48.333 64-bit install mode: Yes..2023-02-07 18:39:48.333 Created temporary directory: C:\Users\user\AppData\Local\Temp\is-K56MV.tmp..2023-02-07 18:39:48.380 -- DLL function import --..2023-02-07 18:39:48.380 Function name: OpenSCManagerW..2023-02-07 18:39
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):223744
                                              Entropy (8bit):6.552035196075477
                                              Encrypted:false
                                              SSDEEP:6144:Q4L7/E4GpmEXrLTilLKvMoiLQpQuK2cVAORcC75FI:K4GpmEXrLTiwvlQjuK2arR5FI
                                              MD5:79F2386CF7296E8661997193CF01BAAD
                                              SHA1:726FEA5EABC5B38981B1D6CC5B8BE01212C90616
                                              SHA-256:101EBA215EF5F833EC332DA2C803FBFF060EB55F32A88EC261B5C4192528E6DD
                                              SHA-512:123F4FFA772FDE8F901ABF12C49B78EB81975E5E5F38A8EF80C10B4CA08DA422C42EE72F51155FC87A6726217A29B0E8BF22CB927347D324D41E87485C5EFF7E
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|....p...p...p.us...p.uu.n.p.ut...p..mt...p..ms...p..mu..p.uq...p...q..p.Nly...p.Nlp...p.Nl....p.......p.Nlr...p.Rich..p.........PE..L...[F9`...........!.....$...P..............@............................................@..........................<..l....>..x....p.......................... "......p...............................@............@...............................text....#.......$.................. ..`.rdata.......@.......(..............@..@.data...T....P.......0..............@....rsrc........p.......@..............@..@.reloc.. ".......$...F..............@..B................................................................................................................................................................................................................................................................................................
                                              Process:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                              Category:dropped
                                              Size (bytes):6144
                                              Entropy (8bit):4.720366600008286
                                              Encrypted:false
                                              SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                              MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                              SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                              SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                              SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                              Process:C:\Users\user\Desktop\FileOpenInstaller.exe
                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):3119936
                                              Entropy (8bit):6.073128166324036
                                              Encrypted:false
                                              SSDEEP:49152:IR/KpmZubPf2S8W2ILeWl+C1p9jWy5Mnd0wigbLNDH:O/jtYLP1Sy5i0qH
                                              MD5:B7988AC379CEAA456BAA3EF19EB55263
                                              SHA1:15C13A91E64739C76FF48E20C5BB4182AAD94339
                                              SHA-256:69383793D354F2A95D88F610B0559F321F37C97197554CD1E9D6D30B038C352D
                                              SHA-512:22D4544911F496B22AF502869CBDFBC371617A418EB8010319D1842A862F84CA2CA23F1BE505C5F03BD404CB2EE5E489B1FE86B3047356ACE3965F5494AA9FA6
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....m^..................%...........%.......%...@..........................`0.....5./...@......@....................'.......&..5...0'.|+...........z/.@!................................... '.....................L.&.H.....&......................text.....%.......%................. ..`.itext...&....%..(....%............. ..`.data...dZ....%..\....%.............@....bss.....x...0&..........................idata...5....&..6....&.............@....didata.......&......@&.............@....edata........'......J&.............@..@.tls....D.....'..........................rdata..].... '......L&.............@..@.rsrc...|+...0'..,...N&.............@..@............. (......:'.............@..@........................................................
                                              Process:C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):5.52764247057246
                                              Encrypted:false
                                              SSDEEP:3:39+/34y9q4LlIUBncPA5Vw+en:tRl4F15q
                                              MD5:61010E7699F30FEED1B3E7C73AC21C8C
                                              SHA1:5F237B4BD6FD54912ECFACADCE758288EAD907AE
                                              SHA-256:964A8D039AB66591B3562204CB488DC12B43D262484D6D005895ADB64EED9F5B
                                              SHA-512:B71C82D414DB61DCA65894BF8A911EDF6B5DBEDEAD5B4F0A25A41F6721A13AC53C32E82E58A5ED58B781BD49B51696349EF6A1CB4AFE87B502DCCFDCBF9E1F3C
                                              Malicious:false
                                              Preview:..*.I%.1./....]...p.S.f....).-7..d}.5..*7i%.\7K2...)m...
                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Entropy (8bit):7.779130580328553
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 98.45%
                                              • Inno Setup installer (109748/4) 1.08%
                                              • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                              • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                              File name:FileOpenInstaller.exe
                                              File size:6831336
                                              MD5:599ebd4af31288db879786f49bf9487d
                                              SHA1:ee40630abcb1fe05051c3f832c72c2ee99722c35
                                              SHA256:f469734bc576a00e113bc43b1b1a13de3c74f5370c5b9db8b9289bd9cf8aac31
                                              SHA512:1f5ab864f07bfc0900eefbc5dbc94ead881156262bf401b46c188a9b51af54247d406eb225f7d7479e75817150313e7ddefadf85ca0edc960f34f4db5d4d3f30
                                              SSDEEP:98304:ZEVrLQI+bHRk0ryjyKY0hMrF2t2nvuk9orCFrGD4pStQgyCsadx0tJnX1BzNE3:sMdDRk0+WG4QCOugtsa70ttX1da3
                                              TLSH:6E6602AF73A6902ED86A8AF105BAD3104C776F115C06CCDA13F0E5CCDB369A0FD2A655
                                              File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                              Icon Hash:c0d4d4d4d4d4dc60
                                              Entrypoint:0x4b5eec
                                              Entrypoint Section:.itext
                                              Digitally signed:true
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                              Time Stamp:0x5E6D1B8D [Sat Mar 14 17:59:41 2020 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:6
                                              OS Version Minor:0
                                              File Version Major:6
                                              File Version Minor:0
                                              Subsystem Version Major:6
                                              Subsystem Version Minor:0
                                              Import Hash:5a594319a0d69dbc452e748bcf05892e
                                              Signature Valid:true
                                              Signature Issuer:CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
                                              Signature Validation Error:The operation completed successfully
                                              Error Number:0
                                              Not Before, Not After
                                              • 02/03/2021 00:00:00 01/03/2023 23:59:59
                                              Subject Chain
                                              • CN=FileOpen Systems Inc., O=FileOpen Systems Inc., L=Santa Cruz, S=California, C=US, SERIALNUMBER=5070649, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization
                                              Version:3
                                              Thumbprint MD5:672CE4183DD35C3C4E6ABD4CAF549C09
                                              Thumbprint SHA-1:42E58D6C0DCC7076DDEB6E71534CB1F0913CD6C9
                                              Thumbprint SHA-256:BB460A91449CA5F96957CE80966CF8CC861F26A2FAA340DD81D50A41B9885AE8
                                              Serial:0FDAD5722CB13F7F2013A1CA98D144FE
                                              Instruction
                                              push ebp
                                              mov ebp, esp
                                              add esp, FFFFFFA4h
                                              push ebx
                                              push esi
                                              push edi
                                              xor eax, eax
                                              mov dword ptr [ebp-3Ch], eax
                                              mov dword ptr [ebp-40h], eax
                                              mov dword ptr [ebp-5Ch], eax
                                              mov dword ptr [ebp-30h], eax
                                              mov dword ptr [ebp-38h], eax
                                              mov dword ptr [ebp-34h], eax
                                              mov dword ptr [ebp-2Ch], eax
                                              mov dword ptr [ebp-28h], eax
                                              mov dword ptr [ebp-14h], eax
                                              mov eax, 004B10D8h
                                              call 00007FF854A91215h
                                              xor eax, eax
                                              push ebp
                                              push 004B65DEh
                                              push dword ptr fs:[eax]
                                              mov dword ptr fs:[eax], esp
                                              xor edx, edx
                                              push ebp
                                              push 004B659Ah
                                              push dword ptr fs:[edx]
                                              mov dword ptr fs:[edx], esp
                                              mov eax, dword ptr [004BE634h]
                                              call 00007FF854B33927h
                                              call 00007FF854B3347Eh
                                              lea edx, dword ptr [ebp-14h]
                                              xor eax, eax
                                              call 00007FF854AA6C88h
                                              mov edx, dword ptr [ebp-14h]
                                              mov eax, 004C1D3Ch
                                              call 00007FF854A8BE07h
                                              push 00000002h
                                              push 00000000h
                                              push 00000001h
                                              mov ecx, dword ptr [004C1D3Ch]
                                              mov dl, 01h
                                              mov eax, dword ptr [004237A4h]
                                              call 00007FF854AA7CEFh
                                              mov dword ptr [004C1D40h], eax
                                              xor edx, edx
                                              push ebp
                                              push 004B6546h
                                              push dword ptr fs:[edx]
                                              mov dword ptr fs:[edx], esp
                                              call 00007FF854B339AFh
                                              mov dword ptr [004C1D48h], eax
                                              mov eax, dword ptr [004C1D48h]
                                              cmp dword ptr [eax+0Ch], 01h
                                              jne 00007FF854B39FAAh
                                              mov eax, dword ptr [004C1D48h]
                                              mov edx, 00000028h
                                              call 00007FF854AA85E4h
                                              mov edx, dword ptr [004C1D48h]
                                              Name | Virtual Address | Virtual Size | Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc4000 | 0x9a | .edata
                                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2000 | 0xf36 | .idata
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x88578 | .rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x681ba8 | 0x2140
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_TLS | 0xc6000 | 0x18 | .rdata
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_IAT | 0xc22e4 | 0x244 | .idata
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xc3000 | 0x1a4 | .didata
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0
                                              Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                              .text | 0x1000 | 0xb3604 | 0xb3800 | False | 0.34484761272632314 | data | 6.354329115342966 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                              .itext | 0xb5000 | 0x1684 | 0x1800 | False | 0.5445963541666666 | data | 5.970901565517897 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                              .data | 0xb7000 | 0x37a4 | 0x3800 | False | 0.36104910714285715 | data | 5.0421620677813435 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .bss | 0xbb000 | 0x6da0 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .idata | 0xc2000 | 0xf36 | 0x1000 | False | 0.3681640625 | data | 4.8987046479600425 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .didata | 0xc3000 | 0x1a4 | 0x200 | False | 0.345703125 | data | 2.7563628682496506 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .edata | 0xc4000 | 0x9a | 0x200 | False | 0.2578125 | data | 1.8722228665884297 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .tls | 0xc5000 | 0x18 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .rdata | 0xc6000 | 0x5d | 0x200 | False | 0.189453125 | data | 1.3838943752217987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .rsrc | 0xc7000 | 0x88578 | 0x88600 | False | 0.05596571379468378 | data | 3.1574910512692473 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              Name | RVA | Size | Type | Language | Country
                                              RT_ICON | 0xc7798 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 262144 | English | United States
                                              RT_ICON | 0x1097c0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States
                                              RT_ICON | 0x119fe8 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864 | English | United States
                                              RT_ICON | 0x123490 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States
                                              RT_ICON | 0x1276b8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States
                                              RT_ICON | 0x129c60 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States
                                              RT_ICON | 0x12ad08 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | English | United States
                                              RT_ICON | 0x12b690 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States
                                              RT_ICON | 0x12baf8 | 0x12428 | Device independent bitmap graphic, 256 x 512 x 8, image size 65536 | English | United States
                                              RT_ICON | 0x13df20 | 0x4c28 | Device independent bitmap graphic, 128 x 256 x 8, image size 16384 | English | United States
                                              RT_ICON | 0x142b48 | 0x2ca8 | Device independent bitmap graphic, 96 x 192 x 8, image size 9216 | English | United States
                                              RT_ICON | 0x1457f0 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4096 | English | United States
                                              RT_ICON | 0x146e18 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304 | English | United States
                                              RT_ICON | 0x147cc0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | English | United States
                                              RT_ICON | 0x148568 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576 | English | United States
                                              RT_ICON | 0x148c30 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256 | English | United States
                                              RT_ICON | 0x149198 | 0x2868 | Device independent bitmap graphic, 128 x 256 x 4, image size 8192 | English | United States
                                              RT_ICON | 0x14ba00 | 0xa68 | Device independent bitmap graphic, 64 x 128 x 4, image size 2048 | English | United States
                                              RT_ICON | 0x14c468 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States
                                              RT_STRING | 0x14c650 | 0x360 | data
                                              RT_STRING | 0x14c9b0 | 0x260 | data
                                              RT_STRING | 0x14cc10 | 0x45c | data
                                              RT_STRING | 0x14d06c | 0x40c | data
                                              RT_STRING | 0x14d478 | 0x2d4 | data
                                              RT_STRING | 0x14d74c | 0xb8 | data
                                              RT_STRING | 0x14d804 | 0x9c | data
                                              RT_STRING | 0x14d8a0 | 0x374 | data
                                              RT_STRING | 0x14dc14 | 0x398 | data
                                              RT_STRING | 0x14dfac | 0x368 | data
                                              RT_STRING | 0x14e314 | 0x2a4 | data
                                              RT_RCDATA | 0x14e5b8 | 0x10 | data
                                              RT_RCDATA | 0x14e5c8 | 0x2c4 | data
                                              RT_RCDATA | 0x14e88c | 0x2c | data
                                              RT_GROUP_ICON | 0x14e8b8 | 0x110 | data | English | United States
                                              RT_VERSION | 0x14e9c8 | 0x584 | data | English | United States
                                              RT_MANIFEST | 0x14ef4c | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States
                                              DLL | Import
                                              kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
                                              comctl32.dll | InitCommonControls
                                              version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                                              user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
                                              oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
                                              netapi32.dll | NetWkstaGetInfo, NetApiBufferFree
                                              advapi32.dll | RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW
                                              Name | Ordinal | Address
                                              TMethodImplementationIntercept | 3 | 0x454058
                                              __dbk_fcall_wrapper | 2 | 0x40d0a0
                                              dbkFCallWrapperAddr | 1 | 0x4be63c
                                              Language of compilation system | Country where language is spoken
                                              English | United States
                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                              Feb 7, 2023 18:40:17.513036966 CET | 54958 | 53 | 192.168.11.20 | 1.1.1.1
                                              Feb 7, 2023 18:40:17.554100037 CET | 53 | 54958 | 1.1.1.1 | 192.168.11.20
                                              Feb 7, 2023 18:40:18.452562094 CET | 64384 | 53 | 192.168.11.20 | 1.1.1.1
                                              Feb 7, 2023 18:40:18.785670996 CET | 53 | 64384 | 1.1.1.1 | 192.168.11.20
                                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                              Feb 7, 2023 18:40:17.513036966 CET | 192.168.11.20 | 1.1.1.1 | 0xc93 | Standard query (0) | usr.fileopen.com | A (IP address) | IN (0x0001) | false
                                              Feb 7, 2023 18:40:18.452562094 CET | 192.168.11.20 | 1.1.1.1 | 0x7553 | Standard query (0) | plugin.fileopen.com | A (IP address) | IN (0x0001) | false
                                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                              Feb 7, 2023 18:40:17.554100037 CET | 1.1.1.1 | 192.168.11.20 | 0xc93 | No error (0) | usr.fileopen.com | | 72.3.136.136 | A (IP address) | IN (0x0001) | false
                                              Feb 7, 2023 18:40:18.785670996 CET | 1.1.1.1 | 192.168.11.20 | 0x7553 | No error (0) | plugin.fileopen.com | | 72.3.136.132 | A (IP address) | IN (0x0001) | false
                                              • usr.fileopen.com
                                              • plugin.fileopen.com
                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              0 | 192.168.11.20 | 49803 | 72.3.136.136 | 443 | C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              2023-02-07 17:40:18 UTC | 0 | OUT | POST /check/usr/ZHAk7YpwDRdZvZq3ePSvK2nhY4hHWUX+9uW5qs0U4Ek= HTTP/1.1
                                              Content-type: application/json
                                              User-Agent: FileOpen Client
                                              Host: usr.fileopen.com
                                              Content-Length: 1043
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              2023-02-07 17:40:18 UTC | 0 | OUT
                                              Data Ascii: {"Q":"Wu0MaiCZX/99t0DeU+vQezFf88zJgJdam6AxbB15RO4pNGcK0hPA+vbhYOaW9ked7rqfk0M3t4aLHWHDe/XyrGL6hIhB5ePR4j3T9pLPffsQAP6NYUhSjnlm6OaLth8cwVI1X0Cqt5hcbSGzh0MYjtHTUbDDZ++F2Ic39KUqy8WLBRhNWD666OWakK7h7zuxmSr58TknMMs+g+2OoYxh+FY2/r4wWZB5OW5sVARd0D8BvyIMcAEClzX6N
                                              2023-02-07 17:40:18 UTC | 1 | IN | HTTP/1.1 200 OK
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              Content-Length: 882
                                              Content-Type: application/json; charset=utf-8
                                              Expires: -1
                                              Server: Microsoft-IIS/10.0
                                              X-AspNet-Version: 4.0.30319
                                              X-Powered-By: ASP.NET
                                              Strict-Transport-Security: max-age=31536000
                                              Date: Tue, 07 Feb 2023 17:40:18 GMT
                                              Connection: close
                                              2023-02-07 17:40:18 UTC | 1 | IN
                                              Data Ascii: {"Id":"gLFOW7fSya5d5x1YBJ13+Nc1Uq9ldT1eUObFCani2Gc=","Q":"hJ/gGdb4+pTWEaUlOxcnv8mPebsTsQv7rQGRKwRikGBe1kQ310kP/vPuXgm3lc5sbRr9xuZ8LGxN+i7v5mJ2Yr9EggGZY7QEAWJoM74raA6zedordZJ2B149RFTYzTJom1vwNCHeOBLFYO+Cbae6W08GwTd0hIBFff8kSOO3fDvdV0vKJ2bNFpcs8WiTReLSKxiJ0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              1 | 192.168.11.20 | 49804 | 72.3.136.132 | 443 | C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              2023-02-07 17:40:19 UTC | 2 | OUT | GET /installcomplete.ashx?Request=Setting&Stamp=1675795217&Mode=CNR&USR=10007&ServiceID=InstallComplete&DocumentID=D-700&Ident3ID=number3&Ident4ID=number4&DocStrFmt=ASCII&PageCount=0&AdobePermanentId=fe2312a4b89fd64a94044c8c74baef85&AdobeInstanceId=7653cfff47f8504296a48ee78cc73a7d&OSType=Windows&Language=ENU&LngLCID=ENU&LngRFC1766=en&LngISO4Char=en-us&HostAppClass=FileOpen%20Plug-in&HostAppFeatures=001fff7f337ff3ff&Build=998&ProdVer=4.4.0.32&EncrVer=3.9.2.5&Machine=JC8RXKWL&Disk=E8LEL4BB&Uuid=dc8a5f3e-a716-11ed-a50d-d05099db2398&PrevMach=&PrevDisk=&FormHFT=Yes&SelServer=Yes&AcroProduct=Reader&AcroVersion=21.1792&AcroReader=Yes&AcroCanEdit=Yes&AcroPrefIDib=Yes&InBrowser=No&IEProtectedMode=Unknown&HostAppName=&DocIsLocal=Yes&DocPathUrl=file%3A%2F%2F%2FC%7C%2FProgram%20Files%2FFileOpen%2Fexamples%2Finstallcomplete.pdf&VolName=&VolType=Fixed&VolSN=1160136908&FSName=NTFS&FowpKbd=Yes&ScreenHook=Yes&Broker=Yes&RejectedDlls=&OSName=WindowsWin8%2064bit&OSBuild=Build%209200&RequestSchema=Default HTTP/1.1
                                              User-Agent: "Acrobat Reader FileOpen Plug-in"
                                              Host: plugin.fileopen.com
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              2023-02-07 17:40:19 UTC | 3 | IN | HTTP/1.1 200 OK
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              Content-Length: 71
                                              Content-Type: text/plain; charset=utf-8
                                              Expires: -1
                                              Server: Microsoft-IIS/10.0
                                              X-AspNet-Version: 4.0.30319
                                              X-Powered-By: ASP.NET
                                              Access-Control-Allow-Origin: *
                                              Strict-Transport-Security: max-age=31536000
                                              Date: Tue, 07 Feb 2023 17:40:18 GMT
                                              Connection: close
                                              2023-02-07 17:40:19 UTC | 3 | IN | Data Raw: 52 65 74 56 61 6c 3d 41 6e 73 77 65 72 26 53 74 61 6d 70 3d 31 36 37 35 37 39 35 32 31 37 26 53 74 72 69 6e 67 46 6f 72 6d 61 74 3d 41 53 43 49 49 26 52 65 71 75 65 73 74 53 63 68 65 6d 61 3d 44 65 66 61 75 6c 74
                                              Data Ascii: RetVal=Answer&Stamp=1675795217&StringFormat=ASCII&RequestSchema=Default


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              2 | 192.168.11.20 | 49805 | 72.3.136.132 | 443 | C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              2023-02-07 17:40:19 UTC | 3 | OUT | GET /installcomplete.ashx?Request=DocPerm&Stamp=1675795218&Mode=CNR&USR=10007&ServiceID=InstallComplete&DocumentID=D-700&Ident3ID=number3&Ident4ID=number4&DocStrFmt=ASCII&PageCount=0&AdobePermanentId=fe2312a4b89fd64a94044c8c74baef85&AdobeInstanceId=7653cfff47f8504296a48ee78cc73a7d&OSType=Windows&Language=ENU&LngLCID=ENU&LngRFC1766=en&LngISO4Char=en-us&HostAppClass=FileOpen%20Plug-in&HostAppFeatures=001fff7f337ff3ff&Build=998&ProdVer=4.4.0.32&EncrVer=3.9.2.5&Machine=JC8RXKWL&Disk=E8LEL4BB&Uuid=dc8a5f3e-a716-11ed-a50d-d05099db2398&FormHFT=Yes&SelServer=Yes&AcroProduct=Reader&AcroVersion=21.1792&AcroReader=Yes&AcroCanEdit=Yes&AcroPrefIDib=Yes&InBrowser=No&IEProtectedMode=Unknown&HostAppName=&DocIsLocal=Yes&DocPathUrl=file%3A%2F%2F%2FC%7C%2FProgram%20Files%2FFileOpen%2Fexamples%2Finstallcomplete.pdf&VolName=&VolType=Fixed&VolSN=1160136908&FSName=NTFS&FowpKbd=Yes&ScreenHook=Yes&Broker=Yes&RejectedDlls=&OSName=WindowsWin8%2064bit&OSBuild=Build%209200&RequestSchema=Default HTTP/1.1
                                              User-Agent: "Acrobat Reader FileOpen Plug-in"
                                              Host: plugin.fileopen.com
                                              Connection: Keep-Alive
                                              Cache-Control: no-cache
                                              2023-02-07 17:40:19 UTC | 5 | IN | HTTP/1.1 200 OK
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              Content-Length: 121
                                              Content-Type: text/plain; charset=utf-8
                                              Expires: -1
                                              Server: Microsoft-IIS/10.0
                                              X-AspNet-Version: 4.0.30319
                                              X-Powered-By: ASP.NET
                                              Access-Control-Allow-Origin: *
                                              Strict-Transport-Security: max-age=31536000
                                              Date: Tue, 07 Feb 2023 17:40:19 GMT
                                              Connection: close
                                              2023-02-07 17:40:19 UTC | 5 | IN | Data Raw: 52 65 74 56 61 6c 3d 41 6e 73 77 65 72 26 53 74 61 6d 70 3d 31 36 37 35 37 39 35 32 31 38 26 53 65 72 76 49 64 3d 49 6e 73 74 61 6c 6c 43 6f 6d 70 6c 65 74 65 26 44 6f 63 75 49 64 3d 44 2d 37 30 30 26 49 64 65 6e 74 33 49 44 3d 6e 75 6d 62 65 72 33 26 49 64 65 6e 74 34 49 44 3d 6e 75 6d 62 65 72 34 26 43 6f 64 65 3d 6d 6e 6f 70 71 26 50 65 72 6d 73 3d 31 30 35
                                              Data Ascii: RetVal=Answer&Stamp=1675795218&ServId=InstallComplete&DocuId=D-700&Ident3ID=number3&Ident4ID=number4&Code=mnopq&Perms=105


                                              Target ID:0
                                              Start time:18:39:46
                                              Start date:07/02/2023
                                              Path:C:\Users\user\Desktop\FileOpenInstaller.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Users\user\Desktop\FileOpenInstaller.exe
                                              Imagebase:0x400000
                                              File size:6831336 bytes
                                              MD5 hash:599EBD4AF31288DB879786F49BF9487D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:Borland Delphi
                                              Reputation:low

                                              Target ID:4
                                              Start time:18:39:47
                                              Start date:07/02/2023
                                              Path:C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp" /SL5="$6040A,6054369,1320960,C:\Users\user\Desktop\FileOpenInstaller.exe"
                                              Imagebase:0x400000
                                              File size:3119936 bytes
                                              MD5 hash:B7988AC379CEAA456BAA3EF19EB55263
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:Borland Delphi
                                              Antivirus matches:
                                              • Detection: 0%, ReversingLabs
                                              Reputation:low

                                              Target ID:6
                                              Start time:18:40:10
                                              Start date:07/02/2023
                                              Path:C:\Windows\System32\sc.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Windows\system32\sc.exe" create FileOpenManager binpath= "\"C:\Program Files\FileOpen\Services\FileOpenManager64.exe\"" start= auto
                                              Imagebase:0x7ff767990000
                                              File size:72192 bytes
                                              MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate

                                              Target ID:7
                                              Start time:18:40:10
                                              Start date:07/02/2023
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff70dd20000
                                              File size:875008 bytes
                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              Target ID:8
                                              Start time:18:40:10
                                              Start date:07/02/2023
                                              Path:C:\Windows\System32\sc.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Windows\system32\sc.exe" description FileOpenManager "FileOpen Client Manager"
                                              Imagebase:0x7ff767990000
                                              File size:72192 bytes
                                              MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate

                                              Target ID:9
                                              Start time:18:40:10
                                              Start date:07/02/2023
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff70dd20000
                                              File size:875008 bytes
                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              Target ID:10
                                              Start time:18:40:11
                                              Start date:07/02/2023
                                              Path:C:\Windows\System32\sc.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Windows\system32\sc.exe" start FileOpenManager
                                              Imagebase:0x7ff767990000
                                              File size:72192 bytes
                                              MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language

                                              Target ID:11
                                              Start time:18:40:11
                                              Start date:07/02/2023
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff70dd20000
                                              File size:875008 bytes
                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language

                                              Target ID:12
                                              Start time:18:40:11
                                              Start date:07/02/2023
                                              Path:C:\Program Files\FileOpen\Services\FileOpenManager64.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Program Files\FileOpen\Services\FileOpenManager64.exe
                                              Imagebase:0x7ff600a70000
                                              File size:846816 bytes
                                              MD5 hash:2ACE6BC0F8B1752879AD54D4EA1938D9
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language

                                              Target ID:13
                                              Start time:18:40:11
                                              Start date:07/02/2023
                                              Path:C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
                                              Imagebase:0x7ff668dd0000
                                              File size:2089968 bytes
                                              MD5 hash:DE1A88EBE38A4EB36E2C88B1A69A0251
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language

                                              Target ID:15
                                              Start time:18:40:15
                                              Start date:07/02/2023
                                              Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" installcomplete.pdf
                                              Imagebase:0x650000
                                              File size:3014368 bytes
                                              MD5 hash:6791EAE6124B58F201B32F1F6C3EC1B0
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language

                                              Target ID:16
                                              Start time:18:40:19
                                              Start date:07/02/2023
                                              Path:C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\FileOpen\Services\FileOpenBroker64.exe"
                                              Imagebase:0x7ff668dd0000
                                              File size:2089968 bytes
                                              MD5 hash:DE1A88EBE38A4EB36E2C88B1A69A0251
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language

                                                Execution Graph

                                                Execution Coverage:1.5%
                                                Dynamic/Decrypted Code Coverage:0%
                                                Signature Coverage:19.8%
                                                Total number of Nodes:420
                                                Total number of Limit Nodes:19

                                                Control-flow Graph

                                                [Figure: control-flow graph of the function at 7ff600a768b0; nodes are marked Executed or Not Executed]
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Local$CriticalSection$CreateThread$AddressAllocCurrentFreeProcProcess$EnterInitializeLeavePriority$AllocateChangeCloseDuplicateErrorFindHandleLastLibraryLoadNotificationPortSemaphorelstrcpylstrlen
                                                • String ID: @$NtCreatePort succeeded
                                                • API String ID: 1730203066-1743496559
                                                • Opcode ID: 31e1bafa4149d0ffd31b71a06bfb39386d2ad9a8be67e0483800e71a232c26dd
                                                • Instruction ID: 53eb751908b91fce35c33c636ed5b137229d0f583d3d7a25cb1c9f1ed188a548
                                                • Opcode Fuzzy Hash: 31e1bafa4149d0ffd31b71a06bfb39386d2ad9a8be67e0483800e71a232c26dd
                                                • Instruction Fuzzy Hash: 81E1FB36A0CBC195E7608B15E8543AAB7A1FBC9784F204136DA8E83BADDF7DD544CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                [Figure: control-flow graph of the function at 7ff600a77510; nodes are marked Executed or Not Executed]
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Local$FreePort$Connect$AcceptAlloc$CriticalReceiveReplySectionWait$ChangeCloseCompleteCurrentEnterEventFindLeaveNotificationProcessReleaseSemaphore
                                                • String ID: LpcPortThread: Accepting connection request$LpcPortThread: Completing connection request$LpcPortThread: Got message from client$LpcPortThread: Rejecting connection request because accepting it failed$LpcPortThread: Rejecting connection request because queue is shutting down
                                                • API String ID: 891257322-1442112762
                                                • Opcode ID: 76929066990ea465598241cb8b3f881c35437cdc42b2f596bcde5497074f6192
                                                • Instruction ID: 9c1c0981bc4e42e1c4434eb0e90fe6c07316810270a4e881f3f6d76df5a8f8b9
                                                • Opcode Fuzzy Hash: 76929066990ea465598241cb8b3f881c35437cdc42b2f596bcde5497074f6192
                                                • Instruction Fuzzy Hash: E6E1DB36A0CB4196EB508B15E85436EB7A1FBC5B84F204035EA8E87BADDF3DD445CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                [Figure: control-flow graph of the function at 7ff600a87640; nodes are marked Executed or Not Executed]
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Initialize$DescriptorFreeSecurity$AllocateToken$DaclInformationLocalProcess$AddressAllocChangeCloseCurrentEntriesErrorFindHandleLastModuleNotificationOpenProcVersion
                                                • String ID: 41#4%<fg{199U
                                                • API String ID: 2919999450-644288483
                                                • Opcode ID: d7b1ed9da9a118cc0a03b03415f98220529f6d975cd1d2deb272bd51fb5ead30
                                                • Instruction ID: 155dfd2124822b0e694a074857948302b43a2f2bd662d7860a65111594e3d121
                                                • Opcode Fuzzy Hash: d7b1ed9da9a118cc0a03b03415f98220529f6d975cd1d2deb272bd51fb5ead30
                                                • Instruction Fuzzy Hash: 11C1157260C6C196E7708B11E8587AFB7A0F785784F604135DA8E86B99DFBED148CF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: LookupPrivilegeTokenValue$InformationProcess$AllocCurrentLocalOpen
                                                • String ID: SeBackupPrivilege$SeRestorePrivilege$SeTakeOwnershipPrivilege
                                                • API String ID: 501445279-1682096087
                                                • Opcode ID: a0ebd9af9d7b52fe2f34e34a4939dea6762880330461aebd1caee760c26f95d1
                                                • Instruction ID: 721ca0177f25a9505b39c7ce644e4586c6b5e675f0638398f78bfb60dd13dfda
                                                • Opcode Fuzzy Hash: a0ebd9af9d7b52fe2f34e34a4939dea6762880330461aebd1caee760c26f95d1
                                                • Instruction Fuzzy Hash: DB613F32A0C681A6DB50CB15E49432EB7A1FBD5B45F608135E68E87BACDF7EE405CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Free$AddressProc$AllocateInitializeLibraryLocal$Load
                                                • String ID: 41#4%<fg{199U
                                                • API String ID: 2943476830-644288483
                                                • Opcode ID: 621937b1cdf205f9a993bf9182ae00c909270779467bcc6e536a8521c0e9c0d4
                                                • Instruction ID: c22b1db036cb7986e183558049c7cb3be3eae27c6fbb936052416ffde4759cfa
                                                • Opcode Fuzzy Hash: 621937b1cdf205f9a993bf9182ae00c909270779467bcc6e536a8521c0e9c0d4
                                                • Instruction Fuzzy Hash: 7DA1F472A1CAC196E7B08B10E8587AAB7A0F785744F608139D6CD86B9DDFBDD148CF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ActiveConsoleCtrlCurrentDispatcherErrorFileLastModuleNameProcessServiceSessionStartlstrcmpi
                                                • String ID: StartServiceCtrlDispatcher$install
                                                • API String ID: 2538444031-562348700
                                                • Opcode ID: 9ee5c7c16c899cbfcc9cbe0615818f95355ba22e18b8c7cd08a31366c8982d5d
                                                • Instruction ID: ef78e81931dd71f6378cbc4b7f7d6f8a759396cbaf7c6ba9d2baed5712e7fe9a
                                                • Opcode Fuzzy Hash: 9ee5c7c16c899cbfcc9cbe0615818f95355ba22e18b8c7cd08a31366c8982d5d
                                                • Instruction Fuzzy Hash: 41014F66E5CB03B2EB409B21E8405B963A4BF4A784F344131D54FC67AEEF3DE9558700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CreateEventObjectSingleWait
                                                • String ID:
                                                • API String ID: 2678385144-0
                                                • Opcode ID: 106d928ac0fec528036484022a8fd0af6f0d3707d652613ff67c50ed2908906e
                                                • Instruction ID: 213618c48ad5d69952a05db8a71088e217d137436c7dde1b43ce650065118c42
                                                • Opcode Fuzzy Hash: 106d928ac0fec528036484022a8fd0af6f0d3707d652613ff67c50ed2908906e
                                                • Instruction Fuzzy Hash: F2019237E18261A7F728EF35C852D6A7312AF86300FB48534C909527DB9F2965458A00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00007FF600AA00FD), ref: 00007FF600AA0FD9
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: InfoSystem
                                                • String ID:
                                                • API String ID: 31276548-0
                                                • Opcode ID: 367b50a8ccff58eb9a357546240d045a90736219638001734fbaa8123bcf7ab0
                                                • Instruction ID: 20f207bba24abc0c6fde463b0bd11fae8f798c4ef8295cb1e44313e4efe921fb
                                                • Opcode Fuzzy Hash: 367b50a8ccff58eb9a357546240d045a90736219638001734fbaa8123bcf7ab0
                                                • Instruction Fuzzy Hash: 90B09B17D1C9C0D2CB21BB10D9050197332F795704FD00110D28D519A49F6CD75ACB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                [Figure: control-flow graph of the function at 7ff600a78280; nodes are marked Executed or Not Executed]
                                                C-Code - Quality: 37%
                                                			E00007FF67FF600A78280(signed int __ecx, long long __rdx, signed int _a8, void* _a16, long long _a24, long long _a32, long long* _a40, intOrPtr* _a48) {
                                                				long long _v24;
                                                				char _v296;
                                                				char _v568;
                                                				char _v592;
                                                				long long _v600;
                                                				char _v952;
                                                				char _v976;
                                                				signed int _v984;
                                                				long long _v992;
                                                				long long _v1000;
                                                				long long _v1008;
                                                				long long _v1016;
                                                				int _t205;
                                                				void* _t214;
                                                				signed int _t254;
                                                				void* _t255;
                                                				long long _t283;
                                                				long long _t287;
                                                				long long _t289;
                                                				long long _t291;
                                                				intOrPtr* _t292;
                                                				long long _t294;
                                                				long long _t302;
                                                				long long _t304;
                                                				intOrPtr* _t309;
                                                				long long _t313;
                                                				long long _t315;
                                                				long long _t320;
                                                				long long _t322;
                                                				long long _t324;
                                                				long long _t332;
                                                				long long _t334;
                                                				long long _t336;
                                                				long long _t337;
                                                				void* _t438;
                                                
                                                				_t254 = __ecx;
                                                				_a32 = r9d;
                                                				_a24 = r8d;
                                                				_a16 = __rdx;
                                                				_a8 = __ecx;
                                                				_v984 = 0;
                                                				if (_a16 == 0) goto 0xa782b9;
                                                				if ( *_a16 != 0) goto 0xa782c0;
                                                				goto 0xa78ab6;
                                                				if ( *((long long*)(_a40 + 0x10)) <= 0) goto 0xa78a6e;
                                                				r8d = 0x10;
                                                				E00007FF67FF600A7C440(0xb08470,  &_v976);
                                                				if (_a32 == 0) goto 0xa78333;
                                                				_v1000 = _a32;
                                                				_v1008 = _a24;
                                                				_v1016 =  &_v976;
                                                				asm("pushad");
                                                				E00007FF67FF600AA4D40(__ecx,  &_v976, 0xb08470, 0x15e, "%s%s%d$%x", _a16);
                                                				goto 0xa78366;
                                                				_v1008 = _a24;
                                                				_t283 =  &_v976;
                                                				_v1016 = _t283;
                                                				asm("pushad");
                                                				E00007FF67FF600AA4D40(__ecx, _t283, 0xb08470, 0x15e, "%s%s%d", _a16);
                                                				_t205 = lstrlenA(??);
                                                				_v600 = _t283;
                                                				if ((_a8 & 0x000000ff) == 0) goto 0xa78487;
                                                				E00007FF67FF600A76710(_t205, L"InitIpcAnswer: Creating Answer file mapping.  name=%S\n",  &_v952, "%s%s%d", _a16);
                                                				r8d = 8;
                                                				E00007FF67FF600A7C440(0xb083e4, _t438 + _v600 + 0x60);
                                                				r9d = 0;
                                                				r8d = 1;
                                                				_t287 = _a40;
                                                				E00007FF67FF600A86950(__ecx, _t255, _t287,  &_v952, "%s%s%d");
                                                				 *_a40 = _t287;
                                                				_t289 = _t438 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF600A7C440(0xb0845c, _t289);
                                                				lstrcatA(??, ??);
                                                				r8d = 0;
                                                				E00007FF67FF600A86FD0(__ecx, _t255,  &_v952, "%s%s%d");
                                                				 *((long long*)(_a40 + 0x18)) = _t289;
                                                				_t291 = _t438 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF600A7C440(0xb0845c, _t291);
                                                				lstrcatA(??, ??);
                                                				r8d = 0;
                                                				_t214 = E00007FF67FF600A86FD0(__ecx, _t255,  &_v952, "%s%s%d");
                                                				 *((long long*)(_a40 + 0x20)) = _t291;
                                                				goto 0xa78997;
                                                				E00007FF67FF600A76710(_t214, L"InitIpcAnswer: Opening existing answer file mapping.  name=%S\n",  &_v952, "%s%s%d", _a16);
                                                				r8d = 0x10;
                                                				E00007FF67FF600A7C440(0xb08448,  &_v592);
                                                				_t292 = _a48;
                                                				_v1016 = _t292;
                                                				asm("loopne 0x3");
                                                				 *_t292 =  *_t292;
                                                				E00007FF67FF600AA4D40(__ecx, _t292, 0xb08448, 0x104, "%s%d\\",  &_v592);
                                                				_t294 = _t438 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF600A7C440(0xb083e4, _t294);
                                                				asm("pushad"); // executed
                                                				E00007FF67FF600A86F70(_t255, 0xb083e4); // executed
                                                				 *_a40 = _t294;
                                                				if ( *_a40 != 0) goto 0xa787b3;
                                                				if (_a32 == 0) goto 0xa78583;
                                                				_v992 = _a32;
                                                				_v1000 = _a24;
                                                				_v1008 =  &_v976;
                                                				_v1016 = _a16;
                                                				asm("pushad");
                                                				E00007FF67FF600AA4D40(__ecx, _a16, _a40, 0x15e, "%s%s%s%d$%x",  &_v568);
                                                				goto 0xa785c3;
                                                				_v1000 = _a24;
                                                				_v1008 =  &_v976;
                                                				_t302 = _a16;
                                                				_v1016 = _t302;
                                                				asm("pushad");
                                                				E00007FF67FF600AA4D40(__ecx, _t302, _a40, 0x15e, "%s%s%s%d",  &_v568);
                                                				lstrlenA(??);
                                                				_v600 = _t302;
                                                				_t304 = _t438 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF600A7C440(0xb083e4, _t304);
                                                				asm("pushad"); // executed
                                                				E00007FF67FF600A86F70(_t255, 0xb083e4); // executed
                                                				 *_a40 = _t304;
                                                				if ( *_a40 != 0) goto 0xa78724;
                                                				E00007FF67FF600A86620();
                                                				if (0 == 0) goto 0xa78724;
                                                				E00007FF67FF600A780C0(__ecx, 0,  &_v296); // executed
                                                				if (0 == 0) goto 0xa78724;
                                                				_v1008 =  &_v296;
                                                				_t309 = _a48;
                                                				_v1016 = _t309;
                                                				asm("loopne 0x3");
                                                				 *_t309 =  *_t309;
                                                				E00007FF67FF600AA4D40(_t254, _t309, _a32, 0x104, "%s%d\\%s\\",  &_v592);
                                                				_v992 = _a32;
                                                				_v1000 = _a24;
                                                				_v1008 =  &_v976;
                                                				_t313 = _a16;
                                                				_v1016 = _t313;
                                                				asm("pushad");
                                                				E00007FF67FF600AA4D40(_t254, _t313, _a32, 0x15e, "%s%s%s%d$%x",  &_v568);
                                                				lstrlenA(??);
                                                				_v600 = _t313;
                                                				_t315 = _t438 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF600A7C440(0xb083e4, _t315);
                                                				asm("pushad"); // executed
                                                				E00007FF67FF600A86F70(_t255, 0xb083e4); // executed
                                                				 *_a40 = _t315;
                                                				if (_a32 == 0) goto 0xa7876e;
                                                				_v1000 = _a32;
                                                				_v1008 = _a24;
                                                				_v1016 =  &_v976;
                                                				asm("pushad");
                                                				E00007FF67FF600AA4D40(_t254,  &_v976, _a40, 0x15e, "%s%s%d$%x", _a16);
                                                				goto 0xa787a1;
                                                				_v1008 = _a24;
                                                				_t320 =  &_v976;
                                                				_v1016 = _t320;
                                                				asm("pushad");
                                                				E00007FF67FF600AA4D40(_t254, _t320, _a40, 0x15e, "%s%s%d", _a16);
                                                				lstrlenA(??);
                                                				_v600 = _t320;
                                                				_t322 = _t438 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF600A7C440(0xb0845c, _t322);
                                                				lstrcatA(??, ??);
                                                				E00007FF67FF600A87130(_t254, _t255,  &_v952, "%s%s%d");
                                                				 *((long long*)(_a40 + 0x18)) = _t322;
                                                				_t324 = _t438 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF600A7C440(0xb0845c, _t324);
                                                				lstrcatA(??, ??);
                                                				E00007FF67FF600A87130(_t254, _t255,  &_v952, "%s%s%d");
                                                				 *((long long*)(_a40 + 0x20)) = _t324;
                                                				if ( *((long long*)(_a40 + 0x18)) != 0) goto 0xa78997;
                                                				if (_a32 == 0) goto 0xa788b1;
                                                				_v992 = _a32;
                                                				_v1000 = _a24;
                                                				_v1008 =  &_v976;
                                                				_v1016 = _a16;
                                                				asm("pushad");
                                                				E00007FF67FF600AA4D40(_t254, _a16, _a40, 0x15e, "%s%s%s%d$%x",  &_v568);
                                                				goto 0xa788f1;
                                                				_v1000 = _a24;
                                                				_v1008 =  &_v976;
                                                				_t332 = _a16;
                                                				_v1016 = _t332;
                                                				asm("pushad");
                                                				E00007FF67FF600AA4D40(_t254, _t332, _a40, 0x15e, "%s%s%s%d",  &_v568);
                                                				lstrlenA(??);
                                                				_v600 = _t332;
                                                				_t334 = _t438 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF600A7C440(0xb0845c, _t334);
                                                				lstrcatA(??, ??);
                                                				E00007FF67FF600A87130(_t254, _t255,  &_v952, "%s%s%s%d");
                                                				 *((long long*)(_a40 + 0x18)) = _t334;
                                                				_t336 = _t438 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF600A7C440(0xb0845c, _t336);
                                                				lstrcatA(??, ??);
                                                				E00007FF67FF600A87130(_t254, _t255,  &_v952, "%s%s%s%d");
                                                				 *((long long*)(_a40 + 0x20)) = _t336;
                                                				_t337 = _a40;
                                                				if ( *_t337 == 0) goto 0xa789d6;
                                                				_v1016 = 0;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				 *((intOrPtr*)(_t337 - 0x75)) =  *((intOrPtr*)(_t337 - 0x75)) + _t254;
                                                				dil = dil;
                                                				asm("adc eax, 0x8e94e"); // executed
                                                				 *((long long*)(_a40 + 8)) = _t337;
                                                				if ( *((long long*)(_a40 + 0x18)) == 0) goto 0xa78a10;
                                                				if ( *((long long*)(_a40 + 0x20)) == 0) goto 0xa78a10;
                                                				if ( *((long long*)(_a40 + 8)) == 0) goto 0xa78a10;
                                                				_v24 = 1;
                                                				goto 0xa78a1b;
                                                				_v24 = 0;
                                                				_v984 = 0;
                                                				if ((_v984 & 0x000000ff) == 0) goto 0xa78a5f;
                                                				if ((_a8 & 0x000000ff) == 0) goto 0xa78a5d;
                                                				E00007FF67FF600AA7EF0(0, _t255,  *((intOrPtr*)(_a40 + 8)), 0,  *((intOrPtr*)(_a40 + 0x10)));
                                                				goto 0xa78a6c;
                                                				E00007FF67FF600A78AC0(_a40);
                                                				goto 0xa78ab2;
                                                				 *_a40 = 0;
                                                				 *((long long*)(_a40 + 8)) = 0;
                                                				 *((long long*)(_a40 + 0x18)) = 0;
                                                				 *((long long*)(_a40 + 0x20)) = 0;
                                                				_v984 = 1;
                                                				return _v984;
                                                			}

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: lstrcat$lstrlen$ErrorLast$Close$FileHandleView$ChangeFindNotificationUnmap
                                                • String ID: %s%d\$%s%d\%s\$%s%s%d$%s%s%d$%x$%s%s%s%d$%s%s%s%d$%x$InitIpcAnswer: Creating Answer file mapping. name=%S$InitIpcAnswer: Opening existing answer file mapping. name=%S
                                                • API String ID: 1479831617-1343440147
                                                • Opcode ID: dde2e3a94a37adf39bca9595121ff58fdc3665ccc9b6159ba5c86193bd69dc5f
                                                • Instruction ID: a9dc933fdc524df92045a1944daa2db2beb3913a46124d7926b094a95496fb06
                                                • Opcode Fuzzy Hash: dde2e3a94a37adf39bca9595121ff58fdc3665ccc9b6159ba5c86193bd69dc5f
                                                • Instruction Fuzzy Hash: FA222C7260CA86A5E720CB14E4943EAB760FB89744F604136EB8D87BADDF3DD644CB44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 284 7ff600a76e70-7ff600a76e85 285 7ff600a76e8d-7ff600a76e92 284->285 286 7ff600a76e98-7ff600a76ebb WaitForSingleObject 285->286 287 7ff600a772e4-7ff600a772ed 285->287 288 7ff600a76ebd 286->288 289 7ff600a76ec2-7ff600a76eef EnterCriticalSection 286->289 288->287 290 7ff600a76f0c-7ff600a76f1b LeaveCriticalSection 289->290 291 7ff600a76ef1-7ff600a76f08 289->291 292 7ff600a76f21-7ff600a76f27 290->292 291->290 293 7ff600a76f2d-7ff600a76f35 292->293 294 7ff600a77160-7ff600a7716c 292->294 295 7ff600a76f42-7ff600a76f60 293->295 296 7ff600a77173-7ff600a771a6 294->296 297 7ff600a7716e 294->297 298 7ff600a76f66-7ff600a76f90 295->298 299 7ff600a76fff-7ff600a77005 295->299 303 7ff600a771ac-7ff600a771b1 296->303 304 7ff600a772df 296->304 297->287 301 7ff600a76ffa 298->301 302 7ff600a76f92-7ff600a76ff8 SetEvent 298->302 305 7ff600a7715b 299->305 306 7ff600a7700b-7ff600a77030 299->306 301->295 302->299 308 7ff600a771b3-7ff600a771b8 303->308 309 7ff600a771be-7ff600a771ee 303->309 304->285 305->292 310 7ff600a7712c-7ff600a77132 306->310 311 7ff600a77036-7ff600a770dc LocalAlloc call 7ff600a79d50 CreateEventW CreateThread 306->311 308->309 313 7ff600a772da 308->313 309->313 314 7ff600a771f4-7ff600a7723e GetTickCount 309->314 310->305 312 7ff600a77134-7ff600a77157 WaitForSingleObject 310->312 320 7ff600a770f9-7ff600a77127 CloseHandle LocalFree call 7ff600a79e70 311->320 321 7ff600a770de-7ff600a770f7 SetThreadPriority 311->321 312->305 316 7ff600a77159 312->316 314->313 317 7ff600a77244-7ff600a772d5 call 7ff600a76710 SetEvent call 7ff600a79f10 314->317 316->294 317->313 320->310 321->310
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CreateCriticalEventSection$AllocEnterLeaveLocalObjectSingleThreadWait
                                                • String ID: Dispatch thread: Removing idle thread from worker pool
                                                • API String ID: 3859977208-3158692423
                                                • Opcode ID: 57723b6c703e4577aafa68432194fdb573cb6929ae053a47e4feb9c0fcecfbcc
                                                • Instruction ID: ce4e56988a355c1c6cea995fe1c6a1ec797dfe027775bb1fafba0b533d737af5
                                                • Opcode Fuzzy Hash: 57723b6c703e4577aafa68432194fdb573cb6929ae053a47e4feb9c0fcecfbcc
                                                • Instruction Fuzzy Hash: F3C19536618B8596DB60CB59E49436EB7B0F7C9B84F208136EA8E83769CF7DD445CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                C-Code - Quality: 37%
                                                			E00007FF67FF600A78AC0(long long __rcx, void* _a8) {
                                                				void* _t32;
                                                				void* _t65;
                                                				void* _t66;
                                                
                                                				_a8 = __rcx;
                                                				if ( *((long long*)(_a8 + 8)) == 0) goto 0xa78afc;
                                                				UnmapViewOfFile(??);
                                                				if (_a8 != 0) goto 0xa78afc;
                                                				E00007FF67FF600A76710(GetLastError(), L"CloseIpcAnswer: UnmapViewOfFile failed: %d\n", _a8, _t65, _t66);
                                                				if ( *_a8 == 0) goto 0xa78b39;
                                                				FindCloseChangeNotification(??); // executed
                                                				if (_a8 != 0) goto 0xa78b2d;
                                                				E00007FF67FF600A76710(GetLastError(), L"CloseIpcAnswer: CloseHandle(Map) failed: %d\n", _a8, _t65, _t66);
                                                				 *_a8 = 0;
                                                				if ( *((long long*)(_a8 + 0x18)) == 0) goto 0xa78b79;
                                                				CloseHandle(??);
                                                				if (_a8 != 0) goto 0xa78b6c;
                                                				E00007FF67FF600A76710(GetLastError(), L"CloseIpcAnswer: CloseHandle(Event1) failed: %d\n", _a8, _t65, _t66);
                                                				 *((long long*)(_a8 + 0x18)) = 0;
                                                				if ( *((long long*)(_a8 + 0x20)) == 0) goto 0xa78bb9;
                                                				CloseHandle(??);
                                                				if (_a8 != 0) goto 0xa78bac;
                                                				_t32 = E00007FF67FF600A76710(GetLastError(), L"CloseIpcAnswer: CloseHandle(Event2) failed: %d\n", _a8, _t65, _t66);
                                                				 *((long long*)(_a8 + 0x20)) = 0;
                                                				return _t32;
                                                			}







                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$Close$Handle$ChangeFileFindNotificationUnmapView
                                                • String ID: CloseIpcAnswer: CloseHandle(Event1) failed: %d$CloseIpcAnswer: CloseHandle(Event2) failed: %d$CloseIpcAnswer: CloseHandle(Map) failed: %d$CloseIpcAnswer: UnmapViewOfFile failed: %d
                                                • API String ID: 2462088729-206946785
                                                • Opcode ID: 76bd55b7f964beb651cb3b85676babbb421a46c4ced8e773b41e82f04e03c6fe
                                                • Instruction ID: 065e5f615b25326ce63a5e0415457933e1bbc7a56edb6db3482391d405f24270
                                                • Opcode Fuzzy Hash: 76bd55b7f964beb651cb3b85676babbb421a46c4ced8e773b41e82f04e03c6fe
                                                • Instruction Fuzzy Hash: 6531EA66A6DA46A2E7449B15E89476A7360FBC4B84F609032E94FC37BDDF3DE844C340
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CloseHandleLocalOpenProcess$AddressAllocChangeContainerFindFreeModuleNamedNotificationObjectPathProcToken
                                                • String ID: GetAppContainerNamedObjectPath$kernelbase.dll
                                                • API String ID: 2961208496-3458540933
                                                • Opcode ID: 0ffc556b47da561c096d28bc67db62a862320c84825ac0d2c00853ffe3d9a717
                                                • Instruction ID: 4dd60fb3c356119e7182a50205d0ee589c3e9010e7434561fe2d140ba048d440
                                                • Opcode Fuzzy Hash: 0ffc556b47da561c096d28bc67db62a862320c84825ac0d2c00853ffe3d9a717
                                                • Instruction Fuzzy Hash: 26412232A5CA8191E7A0DB15E9483AAB7A0FBC6740F605135DA9E837ADDF3DE444CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$Token$InformationLocal$AllocChangeCloseFindFreeNotificationOpenProcess
                                                • String ID:
                                                • API String ID: 3374312277-0
                                                • Opcode ID: 17bd890be3c3d7c71809d051cc845429677b538c499284128fe982e0f8dec3cc
                                                • Instruction ID: 10d6d610f2c060436c1d4f4ac47ecd9816cd2b9530551372c8faf6aa37bb8cca
                                                • Opcode Fuzzy Hash: 17bd890be3c3d7c71809d051cc845429677b538c499284128fe982e0f8dec3cc
                                                • Instruction Fuzzy Hash: 9F312F32A1CA4196E7508B65E85472DB360FB85B90F605035EA8FC7BACCFBDE444CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CloseCriticalFreeHandleLocalSection$CountEnterEventLeaveObjectReleaseSemaphoreSingleTickWait
                                                • String ID:
                                                • API String ID: 171361178-0
                                                • Opcode ID: 20f04044d339af900af646baf3f5f550378a64d2f8716f6da9f1f07b077510b9
                                                • Instruction ID: 4170bbd769ed14ad34f544da622873cfe32d0e34d8511f02f57830205b9541c2
                                                • Opcode Fuzzy Hash: 20f04044d339af900af646baf3f5f550378a64d2f8716f6da9f1f07b077510b9
                                                • Instruction Fuzzy Hash: 7151B876A1CB8992DB50CB16E49436DB7A1F789F94F614032EE4E87768CF39E444CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                C-Code - Quality: 42%
                                                			E00007FF67FF600A86D90(void* __ecx, void* __edx, long long __rax, long long __rcx, void* __r8, void* __r9, long long _a8, long long _a16, long long _a24) {
                                                				long long _v16;
                                                				char _v56;
                                                				char _v64;
                                                				char _v104;
                                                				long long _v112;
                                                				long long _v120;
                                                				void* _t48;
                                                				long long _t60;
                                                				long long _t76;
                                                
                                                				_t83 = __r8;
                                                				_t60 = __rax;
                                                				_t50 = __edx;
                                                				_a24 = r8d;
                                                				_a16 = _t76;
                                                				_a8 = __rcx;
                                                				_v112 = 0;
                                                				_v120 = 0;
                                                				if (_a16 == 0) goto 0xa86dca;
                                                				_v120 = 0xf001f;
                                                				goto 0xa86dd2;
                                                				_v120 = 4;
                                                				if (_a24 == 0) goto 0xa86e3f;
                                                				r8d = 8;
                                                				E00007FF67FF600A7C440(0xb09a00,  &_v64);
                                                				r8d = 0;
                                                				E00007FF67FF600A7E210(__ecx, __edx,  &_v104,  &_v64, __r8);
                                                				E00007FF67FF600A7F640(E00007FF67FF600A7F130(__ecx, _t50,  &_v104, _a8, _t83),  &_v104);
                                                				OpenFileMappingW(??, ??, ??); // executed
                                                				_v112 = _t60;
                                                				E00007FF67FF600A7E460( &_v104);
                                                				if (_v112 != 0) goto 0xa86e94;
                                                				if (_a24 == 0) goto 0xa86e57;
                                                				GetLastError();
                                                				r8d = 0;
                                                				E00007FF67FF600A7F640(E00007FF67FF600A7E210(__ecx, _t50,  &_v56, _a8, _t60),  &_v56);
                                                				OpenFileMappingW(??, ??, ??); // executed
                                                				_v112 = _t60;
                                                				E00007FF67FF600A7E460( &_v56);
                                                				if (_v112 != 0) goto 0xa86ef0;
                                                				GetLastError();
                                                				if (_t60 == 5) goto 0xa86eb2;
                                                				GetLastError();
                                                				if (_t60 != 6) goto 0xa86ef0;
                                                				GetLastError();
                                                				_v16 = _t60;
                                                				_t48 = E00007FF67FF600A86AE0(__ecx, _t60 - 6, _t60, _a8, 0);
                                                				_v112 = _t60;
                                                				if (_v112 == 0) goto 0xa86ee3;
                                                				SetLastError(??);
                                                				goto 0xa86ef0;
                                                				SetLastError(??);
                                                				return _t48;
                                                			}













                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$FileMappingOpen
                                                • String ID:
                                                • API String ID: 3574041349-0
                                                • Opcode ID: 05d4e8a6f89a6e4e0e10635e7ec0cabf2199b675096b1b682a58abda101d3e59
                                                • Instruction ID: 8e553dcc26560019e9fa4322588028b1cb64e8ccf72cd2b9d6310acccbe75ad4
                                                • Opcode Fuzzy Hash: 05d4e8a6f89a6e4e0e10635e7ec0cabf2199b675096b1b682a58abda101d3e59
                                                • Instruction Fuzzy Hash: BF41413291C681A6E770EB14E45437AB361FF85344F604035E28E82BAECF7CE588CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Similarity
                                                • API ID: QueryValue$CloseCreate
                                                • String ID: InstId
                                                • API String ID: 2657993070-4269911512
                                                • Opcode ID: 1dcd0e5c3149684b15bda838b15bec7b8436c05b94bdb4dfbefb862faab03163
                                                • Instruction ID: 1f3db25b2582a2063e054a9d13fb56daf601c72c4d459601f3b2e2e17b810bbc
                                                • Opcode Fuzzy Hash: 1dcd0e5c3149684b15bda838b15bec7b8436c05b94bdb4dfbefb862faab03163
                                                • Instruction Fuzzy Hash: B0218077A0CB42A7EB158F15E5401BAB3A2FB89784F644035EE8D42B59EF3CE445CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 25%
                                                			E00007FF67FF600AA17C0() {
                                                				long long _v16;
                                                				long long _v24;
                                                				long long _t17;
                                                				void* _t22;
                                                
                                                				_v16 = 0;
                                                				r9d = 1;
                                                				_v24 = 0x1000;
                                                				r8d = 0;
                                                				E00007FF67FF600A75E90(_t17, "FileOpenManagerListenScreenHooksPipe", 0x7ff600aa16b0, _t22); // executed
                                                				if (_t17 != 0) goto 0xaa1807;
                                                				GetLastError();
                                                				 *0xb34a84 = _t17;
                                                				_v16 = 0;
                                                				r9d = 1;
                                                				_v24 = 0x1000;
                                                				r8d = 0;
                                                				E00007FF67FF600A75E90(_t17, "FileOpenManagerListenPipe", 0x7ff600aa1580, _t22); // executed
                                                				if (_t17 != 0) goto 0xaa184c;
                                                				GetLastError();
                                                				 *0xb34a84 = _t17;
                                                				return 0;
                                                			}








                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Similarity
                                                • API ID: ErrorLast
                                                • String ID: FileOpenManagerListenPipe$FileOpenManagerListenScreenHooksPipe
                                                • API String ID: 1452528299-1563720609
                                                • Opcode ID: 05e9078695de441b2bc0fca81b854a747b70d52fe036142bb4a79fa93e6d553f
                                                • Instruction ID: d887181ecd0dcd1de898fc37ba94a721ea0369659ad807bc57a052cf5d79bb6a
                                                • Opcode Fuzzy Hash: 05e9078695de441b2bc0fca81b854a747b70d52fe036142bb4a79fa93e6d553f
                                                • Instruction Fuzzy Hash: 67014F76E5C642A2F7509B20E9047A567A0FF5A389FA44031D88DC27AEEF7DF148CB10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Similarity
                                                • API ID: Create
                                                • String ID: ?$Software\FileOpen\FileOpenClient
                                                • API String ID: 2289755597-1262923980
                                                • Opcode ID: fb3ee513b855875674bafe252d5642dfd11ab97b5bed66805749e9ce5624857e
                                                • Instruction ID: 686834261a8e2873f5c1220c58625eb5490506119b64930609a9a5c956b048d2
                                                • Opcode Fuzzy Hash: fb3ee513b855875674bafe252d5642dfd11ab97b5bed66805749e9ce5624857e
                                                • Instruction Fuzzy Hash: A5F08231B1CB4593DB108F20F88552673A4FB89794FA01235E68E83B68DF3DD054CB04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00007FF67FF600AEC120(void* __eax, signed int __rcx, signed int __rdx) {
                                                				void* _t8;
                                                
                                                				if (__rcx == 0) goto 0xaec13f;
                                                				if (0xffffffffffffffe0 - __rdx < 0) goto 0xaec182;
                                                				_t21 =  ==  ? 0x1 : __rcx * __rdx;
                                                				goto 0xaec166;
                                                				E00007FF67FF600AE6860();
                                                				if (0x1 == 0) goto 0xaec182;
                                                				E00007FF67FF600AE207C(0x1,  ==  ? 0x1 : __rcx * __rdx);
                                                				if (0x1 == 0) goto 0xaec182;
                                                				 *0x1 =  *0x1 + 0x1; // executed
                                                				if (0x1 == 0) goto 0xaec151;
                                                				goto 0xaec18f;
                                                				_t8 = E00007FF67FF600AE8D04(0x1);
                                                				 *0x1 = 0xc;
                                                				return _t8;
                                                			}





                                                APIs
                                                • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF600AEA4E9,?,?,?,00007FF600AE8D0D,?,?,?,?,00007FF600ACF7DA), ref: 00007FF600AEC175
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                • Opcode ID: 349cff4eb4b42d48293d0f8615fffb60a94b6f1d9784947270f1b5912248c02b
                                                • Instruction ID: 919e38eca9c6d86ec359c0b0439fa0944508661637825530ebcf0e67eaf4f831
                                                • Opcode Fuzzy Hash: 349cff4eb4b42d48293d0f8615fffb60a94b6f1d9784947270f1b5912248c02b
                                                • Instruction Fuzzy Hash: E4F09057F0D2C3B1FE56676299113B582921F49BA4F3C4530C90EC63CBFE2CE6428211
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 51%
                                                			E00007FF67FF600A7A0C0(long long __rax, long long __rcx, long long _a8) {
                                                				char _v24;
                                                				void* _t6;
                                                				void* _t10;
                                                
                                                				_a8 = __rcx;
                                                				r9d = 8;
                                                				E00007FF67FF600A7BBC0(__rax, 0x7ff600a7a0c0, 0xb34d60,  &_v24);
                                                				if (__rax != 0) goto 0xa7a0fa;
                                                				GetModuleHandleW(??);
                                                				 *0xb34d60 = __rax;
                                                				_t6 = E00007FF67FF600A7A230();
                                                				if (__rax == 0) goto 0xa7a11e;
                                                				 *0xb34d68 = 0;
                                                				E00007FF67FF600A88B70(_t6);
                                                				E00007FF67FF600A87C80(__rax);
                                                				E00007FF67FF600A834B0(__rax); // executed
                                                				_t10 = E00007FF67FF600A87B30(__rax); // executed
                                                				return _t10;
                                                			}







                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Similarity
                                                • API ID: Module$FileHandleNameQueryVirtual
                                                • String ID:
                                                • API String ID: 2639326306-0
                                                • Opcode ID: 7f678bd9411da7659289139b5723f432329c8882b0c88449ac41d8abaaa910bd
                                                • Instruction ID: 9e19e226f9cfea080d50a87074af9a137d6ceb5cd44f816c6786a370efe79ba9
                                                • Opcode Fuzzy Hash: 7f678bd9411da7659289139b5723f432329c8882b0c88449ac41d8abaaa910bd
                                                • Instruction Fuzzy Hash: 37F0FE62D1C68771FA50B7A0AC052BC1650AF91344FB08035D84DC239FDF6DF556C751
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 00007FF600A9F290: LocalAlloc.KERNEL32 ref: 00007FF600A9F2D3
                                                  • Part of subcall function 00007FF600A9F290: GetModuleFileNameW.KERNEL32 ref: 00007FF600A9F2EB
                                                  • Part of subcall function 00007FF600A9F290: GetModuleFileNameW.KERNEL32 ref: 00007FF600A9F348
                                                  • Part of subcall function 00007FF600A9F290: GetCurrentDirectoryW.KERNEL32 ref: 00007FF600A9F39D
                                                  • Part of subcall function 00007FF600A9F290: GetSystemDirectoryW.KERNEL32 ref: 00007FF600A9F3EE
                                                  • Part of subcall function 00007FF600A9F290: LocalFree.KERNEL32 ref: 00007FF600A9F431
                                                • LocalAlloc.KERNEL32 ref: 00007FF600A8F0DF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Similarity
                                                • API ID: Local$AllocDirectoryFileModuleName$CurrentFreeSystem
                                                • String ID: DLL %03d
                                                • API String ID: 224769099-4281766797
                                                • Opcode ID: d209435052137a8149fb71e0aea3930d1d134427c1036aa17cccf7c9d7caee54
                                                • Instruction ID: bfa77dec78ebec3549b8e0f097f226db4dc99b6f39b2cd7476c1df3e6b0a4ece
                                                • Opcode Fuzzy Hash: d209435052137a8149fb71e0aea3930d1d134427c1036aa17cccf7c9d7caee54
                                                • Instruction Fuzzy Hash: 77624032A1CAC29AE770CB15E4547AAB7A4FB85784F204035EA8E87B6DDF7DD544CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 18%
                                                			E00007FF67FF600A75F80(void* __edi, void* __esp, long long __rcx, long long __rdx, void* __r8, long long __r9, void* _a4, long long _a8, void* _a12, long long _a16, void* _a20, long _a24, void* _a28, long long _a32, void* _a36, void* _a44) {
                                                				void* _v4;
                                                				char _v32;
                                                				void* _v36;
                                                				char _v40;
                                                				void* _v44;
                                                				void* _v52;
                                                				void* _v60;
                                                				void* _v76;
                                                				void* _v84;
                                                				void* _v100;
                                                				void* _v108;
                                                				void* _v116;
                                                				void* _v124;
                                                				void* _v132;
                                                				void* _v148;
                                                				void* _v156;
                                                				void* _v164;
                                                				void* _v172;
                                                				void* _v196;
                                                				long _v448;
                                                				long long _v452;
                                                				signed long long _v456;
                                                				void* _v460;
                                                				void* _v464;
                                                				void* _v468;
                                                				long long _v472;
                                                				void* _v484;
                                                				void* _v500;
                                                				void* _v508;
                                                				void* _v516;
                                                				void* _v524;
                                                				void* _v532;
                                                				void* _v552;
                                                				void* _v860;
                                                				long _v864;
                                                				char _v872;
                                                				long long _v876;
                                                				void* _v884;
                                                				signed long long _v888;
                                                				void* _v892;
                                                				void* _v900;
                                                				void* _v908;
                                                				void* _v916;
                                                				void* _v924;
                                                				void* _v932;
                                                				signed char _t177;
                                                				signed char _t178;
                                                				long _t183;
                                                				void* _t186;
                                                				void* _t187;
                                                				void* _t190;
                                                				long _t199;
                                                				signed char _t214;
                                                				int _t218;
                                                				void* _t220;
                                                				void* _t223;
                                                				long long _t256;
                                                				signed long long _t259;
                                                				long long _t262;
                                                				long long _t265;
                                                				intOrPtr* _t266;
                                                				long long _t275;
                                                				signed long long _t278;
                                                				signed long long _t282;
                                                				void* _t290;
                                                				void* _t357;
                                                				void* _t358;
                                                
                                                				_t360 = __r8;
                                                				_a32 = __r9;
                                                				_a24 = r8d;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				_t358 = _t357 - 0x3b0;
                                                				_t177 = GetLastError();
                                                				_v876 = _t256;
                                                				_v472 = 0;
                                                				_v888 = 0;
                                                				_v872 = 0;
                                                				_t178 = _t177 & 0x00000048;
                                                				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) + _t178;
                                                				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) + _t178;
                                                				_t259 = E00007FF67FF600A75E60(0) & 0x000000ff;
                                                				if (_t259 == 0) goto 0xa76392;
                                                				r8d = 0x104;
                                                				E00007FF67FF600AA7EF0(_t179, _t223,  &_v456, 0, __r8);
                                                				E00007FF67FF600A78D00(_t259);
                                                				_v448 = _t259;
                                                				GetCurrentProcessId();
                                                				_v456 = _t259;
                                                				 *((long long*)(_t358 + 0x1c0)) =  *((intOrPtr*)(_t358 + 0x3e0));
                                                				_t183 = GetCurrentProcessId();
                                                				 *((long long*)(_t358 + 0x28)) = 0;
                                                				 *((long long*)(_t358 + 0x20)) = _t358 + 0x1b0;
                                                				r9d = _t183;
                                                				r8d = _v448;
                                                				 *(_t358 + 0x48) = E00007FF67FF600A78280(1, _a8) & 0x000000ff;
                                                				if ( *(_t358 + 0x48) == 0) goto 0xa7638d;
                                                				 *((long long*)(_t358 + 0x350)) = 0;
                                                				 *((long long*)(_t358 + 0x388)) = 0;
                                                				 *((long long*)(_t358 + 0x320)) = 0;
                                                				 *((long long*)(_t358 + 0x318)) = 0;
                                                				E00007FF67FF600A76810(E00007FF67FF600A78280(1, _a8) & 0x000000ff);
                                                				_t186 = E00007FF67FF600A76730(E00007FF67FF600A78280(1, _a8) & 0x000000ff, _a8, _t358 + 0x340);
                                                				r8d = 0x30;
                                                				_t187 = E00007FF67FF600AA7EF0(_t186, _t223, _t358 + 0x358, 0, _t360);
                                                				r8d = 0x14;
                                                				E00007FF67FF600AA7EF0(_t187, _t223, _t358 + 0x300, 0, _t360);
                                                				_t262 = _a24;
                                                				_v452 = _t262;
                                                				GetCurrentProcessId();
                                                				_t190 = E00007FF67FF600A72360(1, _t262);
                                                				 *((long long*)(_t358 + 0x1fc)) = _t262;
                                                				 *((long long*)(_t358 + 0x200)) =  *((intOrPtr*)(_t358 + 0x3e0));
                                                				if (_a24 - 0xf0 <= 0) goto 0xa76230;
                                                				r8d = 0x18;
                                                				E00007FF67FF600AA7EF0(_t190, _t223, _t358 + 0x328, 0, _t360);
                                                				 *((long long*)(_t358 + 0x358)) = 0x30;
                                                				 *((long long*)(_t358 + 0x28)) = 0;
                                                				_t265 = _a24;
                                                				 *((long long*)(_t358 + 0x20)) = _t265;
                                                				r9d = 0;
                                                				r8d = 4;
                                                				CreateFileMappingW(??, ??, ??, ??, ??, ??);
                                                				 *((long long*)(_t358 + 0x360)) = _t265;
                                                				_t266 = _a24;
                                                				 *((long long*)(_t358 + 0x370)) = _t266;
                                                				 *((long long*)(_t358 + 0x20)) = 0;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				asm("pushad");
                                                				dil = dil + dil;
                                                				asm("adc eax, 0x9116f");
                                                				 *((long long*)(_t358 + 0x378)) = _t266 +  *_t266;
                                                				if ( *((long long*)(_t358 + 0x378)) == 0) goto 0xa761f5;
                                                				E00007FF67FF600AA7840();
                                                				UnmapViewOfFile(??);
                                                				 *((long long*)(_t358 + 0x378)) = 0;
                                                				 *((long long*)(_t358 + 0x328)) = 0x18;
                                                				 *((long long*)(_t358 + 0x330)) = _a24;
                                                				 *((long long*)(_t358 + 0x350)) = _t358 + 0x358;
                                                				 *((long long*)(_t358 + 0x388)) = _t358 + 0x328;
                                                				goto 0xa76267;
                                                				E00007FF67FF600AA7840();
                                                				 *((long long*)(_t358 + 0x350)) = 0;
                                                				 *((long long*)(_t358 + 0x388)) = 0;
                                                				 *((long long*)(_t358 + 0x320)) = 0x104;
                                                				 *((long long*)(_t358 + 0x38)) = _t358 + 0x320;
                                                				 *((long long*)(_t358 + 0x30)) =  &_v456;
                                                				 *((long long*)(_t358 + 0x28)) = 0;
                                                				_t275 =  *((intOrPtr*)(_t358 + 0x388));
                                                				 *((long long*)(_t358 + 0x20)) = _t275;
                                                				 *0xb34be0();
                                                				if (_t275 != 0) goto 0xa762da;
                                                				E00007FF67FF600A76710(CloseHandle(??), L"SendIpcMessage: NtConnectPort complete\n", _t358 + 0x340, _t358 + 0x300,  *((intOrPtr*)(_t358 + 0x350)));
                                                				LocalFree(??);
                                                				if ( *((long long*)(_t358 + 0x360)) == 0) goto 0xa7630d;
                                                				CloseHandle(??);
                                                				if (_v456 == 0) goto 0xa76333;
                                                				_t199 = GetCurrentProcessId();
                                                				if (_v456 == _t275) goto 0xa76333;
                                                				 *((long long*)(_t358 + 0x3a0)) = 1;
                                                				goto 0xa7633e;
                                                				 *((long long*)(_t358 + 0x3a0)) = 0;
                                                				_v472 =  *((intOrPtr*)(_t358 + 0x3a0));
                                                				if (_v472 == 0) goto 0xa76381;
                                                				if ( *((long long*)(_t358 + 0x3e0)) == 0) goto 0xa76381;
                                                				_t278 = _v456 - 1;
                                                				r8d = _t199;
                                                				 *_t278 =  *_t278 | _t278;
                                                				_v888 = _t278;
                                                				goto 0xa7638d;
                                                				E00007FF67FF600A76710(_t199, L"SendIpcMessage: *** LpcPortThread did not fill in the process ID\n", 0, _t358 + 0x300,  *((intOrPtr*)(_t358 + 0x350)));
                                                				goto 0xa76603;
                                                				r9d = 0;
                                                				if ((E00007FF67FF600A798B0(_t278, _a8,  &_v872,  &_v40) & 0x000000ff) == 0) goto 0xa76603;
                                                				 *((long long*)(_t358 + 0x1c0)) =  *((intOrPtr*)(_t358 + 0x3e0));
                                                				 *((long long*)(_t358 + 0x28)) = 0;
                                                				 *((long long*)(_t358 + 0x20)) = _t358 + 0x1b0;
                                                				r9d = 0;
                                                				r8d =  *(_t358 + 0x19c);
                                                				_t282 = E00007FF67FF600A78280(1, _a8) & 0x000000ff;
                                                				 *(_t358 + 0x48) = _t282;
                                                				if ( *(_t358 + 0x48) == 0) goto 0xa765e7;
                                                				r8d = _v864;
                                                				 *_t282 =  *_t282 | _t282;
                                                				_v888 = _t282;
                                                				if (_v888 == 0) goto 0xa765e7;
                                                				GetCurrentProcess();
                                                				 *((long long*)(_t358 + 0x30)) = 2;
                                                				 *((long long*)(_t358 + 0x28)) = 0;
                                                				 *((long long*)(_t358 + 0x20)) = 0;
                                                				DuplicateHandle(??, ??, ??, ??, ??, ??, ??);
                                                				if (_t282 == 0) goto 0xa765e7;
                                                				GetCurrentProcessId();
                                                				E00007FF67FF600A72360(1, _t282);
                                                				 *(_t358 + 0x39c) = _t282;
                                                				 *((long long*)(_t358 + 0x20)) = 0;
                                                				r8d = 4;
                                                				WriteFile(??, ??, ??, ??, ??);
                                                				if (_t282 == 0) goto 0xa765c3;
                                                				if (_v32 != 4) goto 0xa765c3;
                                                				 *((long long*)(_t358 + 0x20)) = 0;
                                                				r8d = 4;
                                                				WriteFile(??, ??, ??, ??, ??);
                                                				if (_t282 == 0) goto 0xa765c3;
                                                				if (_v32 != 4) goto 0xa765c3;
                                                				 *((long long*)(_t358 + 0x20)) = 0;
                                                				r8d = 4;
                                                				WriteFile(??, ??, ??, ??, ??);
                                                				if (_t282 == 0) goto 0xa765c3;
                                                				if (_v32 != 4) goto 0xa765c3;
                                                				 *((long long*)(_t358 + 0x20)) = 0;
                                                				r8d = 4;
                                                				WriteFile(??, ??, ??, ??, ??);
                                                				if (_t282 == 0) goto 0xa765c3;
                                                				if (_v32 != 4) goto 0xa765c3;
                                                				 *((long long*)(_t358 + 0x20)) = 0;
                                                				r8d = _a24;
                                                				WriteFile(??, ??, ??, ??, ??);
                                                				if (_t282 == 0) goto 0xa765c3;
                                                				if (_v32 != _a24) goto 0xa765c3;
                                                				 *((long long*)(_t358 + 0x3a4)) = 1;
                                                				goto 0xa765ce;
                                                				 *((long long*)(_t358 + 0x3a4)) = 0;
                                                				_v472 =  *((intOrPtr*)(_t358 + 0x3a4));
                                                				CloseHandle(??);
                                                				ReleaseMutex(??);
                                                				_t214 = CloseHandle(??);
                                                				if (_v888 == 0) goto 0xa766c8;
                                                				if (_v472 == 0) goto 0xa766bb;
                                                				if ( *((long long*)(_t358 + 0x3e0)) == 0) goto 0xa766bb;
                                                				 *((intOrPtr*)(_t290 + 0x107ef9fffffffa0)) =  *((intOrPtr*)(_t290 + 0x107ef9fffffffa0)) + _t214;
                                                				 *((intOrPtr*)(_t290 + 0x107ef9fffffffd4)) =  *((intOrPtr*)(_t290 + 0x107ef9fffffffd4)) + (_t214 & 0x000000f0);
                                                				if ((E00007FF67FF600A78BC0( *((intOrPtr*)(_t358 + 0x1c8)), _v888) & 0x000000ff) == 0) goto 0xa766b0;
                                                				r9d =  *(_t358 + 0x3f0);
                                                				r8d =  *(_t358 + 0x3e8);
                                                				if ((E00007FF67FF600A78BC0( *((intOrPtr*)(_t358 + 0x1d0)), _v888) & 0x000000ff) == 0) goto 0xa766a3;
                                                				E00007FF67FF600AA7840();
                                                				goto 0xa766ae;
                                                				_v472 = 0;
                                                				goto 0xa766bb;
                                                				_v472 = 0;
                                                				_t218 = CloseHandle(??);
                                                				goto 0xa766d4;
                                                				E00007FF67FF600A76710(_t218, L"*** SendIpcMessage: ProcessID was not filled in by server\n",  *((intOrPtr*)(_t358 + 0x1b8)),  *((intOrPtr*)(_t358 + 0x3e0)),  &_v32);
                                                				if ( *(_t358 + 0x48) == 0) goto 0xa766e8;
                                                				_t220 = E00007FF67FF600A78AC0(_t358 + 0x1b0);
                                                				SetLastError(??);
                                                				return _t220;
                                                			}


                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Process$CurrentFile$Handle$Close$ErrorLastWrite$CreateMutexView$LocalMappingOpenRelease$AllocConnectDuplicateFreeObjectPortSingleUnmapWait
                                                • String ID: *** SendIpcMessage: ProcessID was not filled in by server$0$SendIpcMessage: *** LpcPortThread did not fill in the process ID$SendIpcMessage: NtConnectPort complete
                                                • API String ID: 3869424166-267596419
                                                • Opcode ID: 7843fc8c7483470dc4237f84eaa5698369a53d46d10683fd118106c7960ee17b
                                                • Instruction ID: b1d42bf303f6dabdc0bbbae7952c0549c8708307f217dccd8552674254db2950
                                                • Opcode Fuzzy Hash: 7843fc8c7483470dc4237f84eaa5698369a53d46d10683fd118106c7960ee17b
                                                • Instruction Fuzzy Hash: 52022932A0CBC296E775CB11E8447AAB3A4FB85784F604035EA8D82B9DCF7DD644CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 25%
                                                			E00007FF67FF600A8E320(long long __rcx, void* __r9, void* _a8) {
                                                				void* _v16;
                                                				void* _v20;
                                                				void* _v24;
                                                				void* _v32;
                                                				signed char _v40;
                                                				long long _v48;
                                                				void* _v56;
                                                				void* _v64;
                                                				void* _v72;
                                                				void* _v75;
                                                				void* _v76;
                                                				signed long long _v80;
                                                				void* _v84;
                                                				signed long long _v88;
                                                				char _v96;
                                                				signed char _v104;
                                                				signed char* _v112;
                                                				void* _v120;
                                                				void* _v128;
                                                				void* _v132;
                                                				void* _v136;
                                                				void* _v140;
                                                				long long _v144;
                                                				void* _v152;
                                                				short _v304;
                                                				short _v306;
                                                				short _v308;
                                                				short _v310;
                                                				short _v312;
                                                				void* _v320;
                                                				long long _v328;
                                                				void* _v336;
                                                				intOrPtr* _v344;
                                                				long long _v352;
                                                				long long _v360;
                                                				void* _t213;
                                                				void* _t214;
                                                				signed char _t215;
                                                				signed char _t216;
                                                				long _t217;
                                                				signed char _t219;
                                                				long _t220;
                                                				signed char _t221;
                                                				void* _t222;
                                                				WCHAR* _t241;
                                                				intOrPtr* _t243;
                                                				intOrPtr* _t288;
                                                				intOrPtr* _t297;
                                                				void* _t339;
                                                				void* _t340;
                                                				short _t341;
                                                
                                                				_a8 = __rcx;
                                                				asm("pop es");
                                                				 *((intOrPtr*)( *((intOrPtr*)(_a8 + 0x40)) + 0x1d - 0x77)) =  *((intOrPtr*)( *((intOrPtr*)(_a8 + 0x40)) + 0x1d - 0x77)) + _t221;
                                                				if (_v328 == 0) goto 0xa8e95f;
                                                				_v312 = 0x5c;
                                                				_v310 = 0x5c;
                                                				_v308 = 0x2e;
                                                				_v306 = 0x5c;
                                                				_v304 = 0;
                                                				_t241 = _a8;
                                                				_t341 =  *_t241;
                                                				E00007FF67FF600ACF3AC(_t241, 0x40, 0x50, _t341);
                                                				_v352 = 0;
                                                				_v360 = 0x40000000;
                                                				 *((long long*)(_t340 + 0x20)) = 3;
                                                				r9d = 0;
                                                				r8d = 3;
                                                				_t213 = CreateFileW(_t241, _t241, ??, ??, ??);
                                                				 *(_t340 + 0xf0) = _t241;
                                                				if ( *(_t340 + 0xf0) == 0xffffffff) goto 0xa8e954;
                                                				r8d = 0x14;
                                                				_t214 = E00007FF67FF600AA7EF0(_t213, _t222, _t340 + 0xf8, 0, _t341);
                                                				_t243 =  *((intOrPtr*)(_t340 + 0x190)) + 0x18;
                                                				r8d = 0x20;
                                                				_t297 = _t243;
                                                				_t215 = E00007FF67FF600AA7EF0(_t214, _t222, _t297, 0, _t341);
                                                				r9d = 0;
                                                				r8d = 0;
                                                				_t216 = _t215 ^ 0x0000008f;
                                                				asm("pop es");
                                                				 *((intOrPtr*)(_t243 - 0x75)) =  *((intOrPtr*)(_t243 - 0x75)) + _t221;
                                                				 *((intOrPtr*)(_t243 + 0x57ff24cc00000004)) = fs;
                                                				 *_t243 =  *_t243 + _t243;
                                                				 *(_t243 - 0x77) =  *(_t243 - 0x77) + _t221;
                                                				 *(_t341 - 0x75) =  *(_t341 - 0x75) ^ _t221;
                                                				 *_t243 =  *_t243 + _t243;
                                                				 *((intOrPtr*)(_t243 - 0x75)) =  *((intOrPtr*)(_t243 - 0x75)) + _t221;
                                                				 *(_t243 - 0x77) =  *(_t243 - 0x77) ^ _t221;
                                                				 *_t243 =  *_t243 + _t243;
                                                				 *((intOrPtr*)(_t243 - 0x75)) =  *((intOrPtr*)(_t243 - 0x75)) + _t221;
                                                				 *_t243 =  *_t243 + _t243;
                                                				 *((intOrPtr*)(_t243 - 0x75)) =  *((intOrPtr*)(_t243 - 0x75)) + _t221;
                                                				 *_t243 =  *_t243 + _t243;
                                                				sil = sil + _t216;
                                                				 *_t243 =  *_t243 + _t243;
                                                				 *_t297 =  *_t297 + _t216;
                                                				if (0 == 1) goto 0xa8e926;
                                                				 *_v344 =  *((intOrPtr*)( *((intOrPtr*)(_t340 + 0x190)) + 0x40)) + 0x1d;
                                                				 *((long long*)(_v344 + 0x18)) = _v144;
                                                				 *(_v344 + 0x1c) = _t221;
                                                				_v56 = _v344 + 0x1d;
                                                				E00007FF67FF600AA7840();
                                                				_t217 = GetCurrentThreadId();
                                                				_v96 = _v56;
                                                				_v112 = _v344 + 0x18;
                                                				_v104 = 0;
                                                				goto 0xa8e51a;
                                                				_v104 = _v104 + 1;
                                                				if (_v104 -  *_v344 - 0x18 >= 0) goto 0xa8e57d;
                                                				 *_v112 = _t217;
                                                				_v112 =  &(_v112[1]);
                                                				goto 0xa8e509;
                                                				_v48 = _v344 + 0x18;
                                                				E00007FF67FF600A8D780(_t222, _v48, _v344 + 4);
                                                				_v112 = _v344 + 0x18;
                                                				_v104 = 0;
                                                				goto 0xa8e5e6;
                                                				_v104 = _v104 + 1;
                                                				if (_v104 -  *_v344 - 0x18 >= 0) goto 0xa8e66f;
                                                				asm("cdq");
                                                				_t219 = _v104;
                                                				 *(_t340 + 0x13d) = _t219;
                                                				 *_v112 = _t219;
                                                				_v112 =  &(_v112[1]);
                                                				goto 0xa8e5d5;
                                                				_v352 =  *((intOrPtr*)(_t340 + 0x190)) + 0x18;
                                                				_v360 =  &_v96;
                                                				 *((long long*)(_t340 + 0x28)) = 0x14;
                                                				 *((long long*)(_t340 + 0x20)) = _t340 + 0xf8;
                                                				_t288 = _v344;
                                                				r9d =  *_t288;
                                                				asm("lock add [eax], al");
                                                				dil = dil + dil;
                                                				asm("adc eax, 0x78d46");
                                                				if (_t288 != 0) goto 0xa8e6d3;
                                                				_v40 = 1;
                                                				goto 0xa8e6de;
                                                				_v40 = 0;
                                                				 *(_t340 + 0x13c) = _t219;
                                                				_t220 = GetLastError();
                                                				if ((_v40 & 0x000000ff) == 0x3e5) goto 0xa8e707;
                                                				 *((long long*)(_t340 + 0x174)) = 1;
                                                				goto 0xa8e712;
                                                				 *((long long*)(_t340 + 0x174)) = 0;
                                                				 *(_t340 + 0x134) = _t220;
                                                				if (( *(_t340 + 0x13c) & 0x000000ff) == 0) goto 0xa8e73e;
                                                				if (( *(_t340 + 0x134) & 0x000000ff) == 0) goto 0xa8e73e;
                                                				goto 0xa8e926;
                                                				r9d = 0xffffffff;
                                                				r8d = 0;
                                                				asm("pop es");
                                                				 *((intOrPtr*)(_t339 - 0x16fa8b40)) =  *((intOrPtr*)(_t339 - 0x16fa8b40)) + _t220;
                                                				return _t220;
                                                				 *__rax =  *__rax + __rax;
                                                				 *((intOrPtr*)(__rax - 0x75)) =  *((intOrPtr*)(__rax - 0x75)) + __cl;
                                                				 *__rax =  *__rax + __rax;
                                                				 *((intOrPtr*)(__rax - 0x7d)) =  *((intOrPtr*)(__rax - 0x7d)) + __cl;
                                                				asm("rcr byte [eax], 0x45");
                                                				__rcx = 0;
                                                				__r8 =  &_v96;
                                                				__rdx = __rax;
                                                				__rcx =  *((intOrPtr*)(__rsp + 0xf0));
                                                				__eax = GetOverlappedResult(??, ??, ??, ??);
                                                				if (__rax == 0) goto 0xa8e90f;
                                                				__rdx = 0x10000;
                                                				dil = dil + dil;
                                                				asm("adc eax, 0x78a95");
                                                				_v88 = __rax;
                                                				__rdx = 0x10000;
                                                				dil = dil + dil;
                                                				asm("adc eax, 0x78a7d");
                                                				_v80 = __rax;
                                                				if (_v88 == 0) goto 0xa8e7e7;
                                                				r8w = 0x8000;
                                                				__rdx = _v88;
                                                				__rcx =  *((intOrPtr*)(__rsp + 0xf8));
                                                				__eax = E00007FF67FF600A7D120(__ecx, _v88);
                                                				r8d =  *((intOrPtr*)(__rsp + 0xf8));
                                                				__rdx = 0;
                                                				__rcx = 0x410;
                                                				asm("pop es");
                                                				 *((intOrPtr*)(__rax - 0x77)) =  *((intOrPtr*)(__rax - 0x77)) + __cl;
                                                				 *__rax =  *__rax + __rax;
                                                				 *((intOrPtr*)(__rax - 0x7d)) =  *((intOrPtr*)(__rax - 0x7d)) + __cl;
                                                				__rsp = 0x15024;
                                                				__rcx =  *0x5674000000015174;
                                                				__eax = E00007FF67FF600A731A0( *0x5674000000015174);
                                                				if (__rax == 0) goto 0xa8e831;
                                                				 *0x5674000000015128 =  *0x5674000000015128 | 0x00000004;
                                                				 *0x5674000000015128 =  *0x5674000000015128 | 0x00000004;
                                                				if ( *((long long*)(0x567400000001516c)) == 0) goto 0xa8e857;
                                                				r8d = 0x8000;
                                                				__rdx =  *((intOrPtr*)(0x567400000001516c));
                                                				__rcx =  *((intOrPtr*)(0x5674000000015174));
                                                				__eax = E00007FF67FF600A7D1E0(__ecx, __edx,  *((intOrPtr*)(0x5674000000015174)),  *((intOrPtr*)(0x567400000001516c)), __r8);
                                                				__rcx =  *((intOrPtr*)(0x5674000000015174));
                                                				__eax = CloseHandle(??);
                                                				__rax =  *((intOrPtr*)(0x567400000001516c));
                                                				 *0x5674000000015054 =  *((intOrPtr*)(0x567400000001516c));
                                                				__rax =  *0x5674000000015164;
                                                				 *0x567400000001504C =  *0x5674000000015164;
                                                				__rax =  *0x5674000000015128;
                                                				 *0x5674000000015044 =  *0x5674000000015128;
                                                				r9d =  *0x5674000000015124;
                                                				r8d =  *0x5674000000015120;
                                                				__rdx =  *((intOrPtr*)(0x567400000001511c));
                                                				__rax =  *0x56740000000151B4;
                                                				__rcx =  *((intOrPtr*)( *0x56740000000151B4 + 0x10));
                                                				__rax =  *((intOrPtr*)(0x56740000000151b4));
                                                				__eax =  *((intOrPtr*)(__rax + 8))();
                                                				if (__rax == 0) goto 0xa8e8c6;
                                                				 *0x567400000001519C = 1;
                                                				goto 0xa8e8ce;
                                                				 *0x567400000001519C = 0;
                                                				__rax =  *0x567400000001519C & 0x000000ff;
                                                				 *0x5674000000015134 = __al;
                                                				if ( *((long long*)(0x5674000000015164)) == 0) goto 0xa8e8f6;
                                                				__rcx =  *((intOrPtr*)(0x5674000000015164));
                                                				__eax = LocalFree(??);
                                                				if ( *((long long*)(0x567400000001516c)) == 0) goto 0xa8e90f;
                                                				__rcx =  *((intOrPtr*)(0x567400000001516c));
                                                				__eax = LocalFree(??);
                                                				__rax =  *((intOrPtr*)(0x56740000000151b4));
                                                				__rcx =  *((intOrPtr*)( *((intOrPtr*)(0x56740000000151b4)) + 0x30));
                                                				__eax = ResetEvent(??);
                                                				goto 0xa8e460;
                                                				__rcx =  *((intOrPtr*)(0x5674000000015114));
                                                				__eax = CancelIo(??);
                                                				__rax =  *((intOrPtr*)(0x56740000000151b4));
                                                				__rcx =  *((intOrPtr*)( *((intOrPtr*)(0x56740000000151b4)) + 0x30));
                                                				__eax = CloseHandle(??);
                                                				__rcx =  *((intOrPtr*)(0x5674000000015114));
                                                				__eax = CloseHandle(??);
                                                				__rcx =  *((intOrPtr*)(0x5674000000015064));
                                                				__eax = LocalFree(??);
                                                				__rax =  *((intOrPtr*)(0x56740000000151b4));
                                                				__rcx =  *((intOrPtr*)(__rax + 0x38));
                                                				__eax = CloseHandle(??);
                                                				 *0x567400000001506C = 0;
                                                				__rcx = 0xb350e0;
                                                				EnterCriticalSection(??);
                                                				 *((long long*)(0x15024 + 0x158)) = 0;
                                                				goto 0xa8e9a6;
                                                				 *0x567400000001517C =  *0x567400000001517C + 1;
                                                				 *0x567400000001517C =  *0x567400000001517C + 1;
                                                				__rax =  *0xb35120; // 0x0
                                                				if ( *0x567400000001517C - __rax >= 0) goto 0xa8ea27;
                                                				__rax =  *0x567400000001517C;
                                                				__rcx =  *0xb35118; // 0x0
                                                				__rdx =  *((intOrPtr*)(0x56740000000151b4));
                                                				if ( *((intOrPtr*)(__rcx +  *0x567400000001517C * 8)) !=  *((intOrPtr*)(0x56740000000151b4))) goto 0xa8ea22;
                                                				__rax =  *0xb35120; // 0x0
                                                				__rax = __rax - 1;
                                                				__rcx =  *0x567400000001517C;
                                                				__rdx =  *0xb35118; // 0x0
                                                				__r8 =  *0xb35118; // 0x0
                                                				 *(__rdx +  *0x567400000001517C * 8) = __rax;
                                                				__rax =  *0xb35120; // 0x0
                                                				__rax = __rax - 1;
                                                				__rcx =  *0xb35118; // 0x0
                                                				 *((long long*)(__rcx + __rax * 8)) = 0;
                                                				__rax =  *0xb35120; // 0x0
                                                				 *0xb35120 = __rax;
                                                				goto 0xa8e995;
                                                				if ( *0xb35120 != 0) goto 0xa8ea3c;
                                                				__rax =  *0xb35110; // 0x0
                                                				 *0x567400000001506C = __rax;
                                                				__rcx = 0xb350e0;
                                                				LeaveCriticalSection(??);
                                                				__rax =  *((intOrPtr*)(0x56740000000151b4));
                                                				__rcx =  *((intOrPtr*)( *((intOrPtr*)(0x56740000000151b4))));
                                                				__eax = LocalFree(??);
                                                				__rcx =  *((intOrPtr*)(0x56740000000151b4));
                                                				__eax = LocalFree(??);
                                                				if ( *0x567400000001506C == 0) goto 0xa8ea7b;
                                                				__rcx =  *0x567400000001506C;
                                                				__eax = SetEvent(??);
                                                				__rax = 0;
                                                				return __eax;
                                                			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Local$Free$CloseHandle$AllocEvent$CreateCriticalSection$CancelControlCurrentDeviceEnterErrorFileLastLeaveMultipleObjectsOpenOverlappedProcessResetResultThreadWait
                                                • String ID: .$\$\$\
                                                • API String ID: 49079501-3136547729
                                                • Opcode ID: d70a304d6c2a965d83c567b5d0b7522c1c6d92f0091c9bf1e2ce3ee489590558
                                                • Instruction ID: 11684697f164809419148dbe047674bb05e4330f94abebfd425bc1e0dbea660d
                                                • Opcode Fuzzy Hash: d70a304d6c2a965d83c567b5d0b7522c1c6d92f0091c9bf1e2ce3ee489590558
                                                • Instruction Fuzzy Hash: 78120936A1CAC1D6E771CB19E4543AAB7A0FB89B44F600135DA8E87BA9DF7DD444CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 21%
                                                			E00007FF67FF600A8DB40(void* __ecx, void* __eflags, intOrPtr* __rax, long long __rcx, void* __r8, void* __r9, long long _a8) {
                                                				long long _v16;
                                                				long long _v20;
                                                				signed char _v24;
                                                				signed long long _v28;
                                                				long long _v32;
                                                				long long _v40;
                                                				short _v46;
                                                				signed short _v48;
                                                				long long _v56;
                                                				char _v60;
                                                				signed long long _v64;
                                                				char _v72;
                                                				char _v200;
                                                				short _v726;
                                                				char _v728;
                                                				char _v792;
                                                				char _v808;
                                                				long long _v836;
                                                				void* _v840;
                                                				signed long long _v848;
                                                				signed int _v856;
                                                				signed long long _v864;
                                                				signed char _v872;
                                                				char _v880;
                                                				char _v904;
                                                				long long _v920;
                                                				long long _v928;
                                                				long long _v936;
                                                				long long _v944;
                                                				long long _v952;
                                                				void* _t101;
                                                				signed char _t102;
                                                				void* _t105;
                                                				int _t107;
                                                				void* _t119;
                                                				void* _t120;
                                                				void* _t123;
                                                				void* _t124;
                                                				void* _t125;
                                                				short _t127;
                                                				signed int _t129;
                                                				long _t138;
                                                				void* _t139;
                                                				void* _t140;
                                                				void* _t141;
                                                				void* _t142;
                                                				signed long long _t162;
                                                				long long _t165;
                                                				long long _t166;
                                                				long long _t167;
                                                				intOrPtr* _t168;
                                                				long long _t173;
                                                				signed long long _t175;
                                                				signed long long _t177;
                                                				intOrPtr* _t195;
                                                				intOrPtr* _t197;
                                                
                                                				_t247 = __r9;
                                                				_t179 = __rcx;
                                                				_t141 = __ecx;
                                                				_a8 = __rcx;
                                                				_v856 = 0;
                                                				_v872 = 0;
                                                				_t101 = E00007FF67FF600A7A260(__rax);
                                                				_v904 = 0x19;
                                                				_v880 = 1;
                                                				_v952 = 0;
                                                				r9d = 0;
                                                				asm("loopne 0x5");
                                                				 *__rax =  *__rax + _t101;
                                                				_t102 = E00007FF67FF600A8D7E0(_t142, __rax, _t179,  &_v904, __r9);
                                                				if (__rax == 0) goto 0xa8db9e;
                                                				_v24 = 1;
                                                				goto 0xa8dba9;
                                                				_v24 = 0;
                                                				_t162 = _v24 & 0x000000ff;
                                                				_v872 = _t102;
                                                				r8d = 0xf003f;
                                                				OpenSCManagerW(??, ??, ??);
                                                				_v864 = _t162;
                                                				if (_v864 != 0) goto 0xa8dbe4;
                                                				r8d = 0;
                                                				OpenSCManagerW(??, ??, ??);
                                                				_v864 = _t162;
                                                				if (_v864 == 0) goto 0xa8e045;
                                                				r8d = 0xf01ff;
                                                				_t105 = OpenServiceW(??, ??, ??);
                                                				_v848 = _t162;
                                                				if (_v848 == 0) goto 0xa8dc90;
                                                				 *_t162 = _t105;
                                                				 *_t162 =  *_t162 + _t105;
                                                				ControlService(??, ??, ??);
                                                				_t107 = QueryServiceStatus(??, ??);
                                                				if (_t162 == 0) goto 0xa8dc68;
                                                				if (_v836 != 1) goto 0xa8dc68;
                                                				_v20 = 1;
                                                				goto 0xa8dc73;
                                                				_v20 = 0;
                                                				_v856 = _t107;
                                                				CloseServiceHandle(??);
                                                				CloseServiceHandle(??);
                                                				if ((_v856 & 0x000000ff) != 0) goto 0xa8e045;
                                                				r8d = 0x40;
                                                				E00007FF67FF600A7C440(0xb09b00,  &_v792);
                                                				E00007FF67FF600A7C8C0(_v856 & 0x000000ff,  &_v728);
                                                				_t165 =  &_v72;
                                                				_v952 = _t165;
                                                				r9d = 0xf003f;
                                                				r8d = 0;
                                                				RegOpenKeyExW(??, ??, ??, ??, ??);
                                                				if (_t165 != 0) goto 0xa8e045;
                                                				_t166 =  &_v808;
                                                				_v952 = _t166;
                                                				r9d = 0x20019;
                                                				r8d = 0;
                                                				RegOpenKeyExW(??, ??, ??, ??, ??);
                                                				if (_t166 == 0) goto 0xa8dff5;
                                                				_v920 = 0;
                                                				_t167 =  &_v808;
                                                				_v928 = _t167;
                                                				_v936 = 0;
                                                				_v944 = 0xf003f;
                                                				_v952 = 0;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				RegCreateKeyExW(??, ??, ??, ??, ??, ??, ??, ??, ??);
                                                				if (_t167 != 0) goto 0xa8dff3;
                                                				_v60 = 1;
                                                				r8d = 0x40;
                                                				E00007FF67FF600A7C440(0xb09ad0,  &_v792);
                                                				E00007FF67FF600A7C8C0(_t167,  &_v200);
                                                				_v944 = 4;
                                                				_t168 =  &_v60;
                                                				_v952 = _t168;
                                                				r9d = 4;
                                                				r8d = 0;
                                                				RegSetValueExW(??, ??, ??, ??, ??, ??);
                                                				if (_t168 != 0) goto 0xa8dfb6;
                                                				_v728 = 0x5c;
                                                				_v726 = 0;
                                                				r8d = 0x40;
                                                				E00007FF67FF600A7C440("\'02<&!\',\t846=<;0U",  &_v792);
                                                				_t195 = _t168;
                                                				_t119 = E00007FF67FF600A7C8C0(_t195,  &_v200);
                                                				 *_t195 =  *_t195 + _t119;
                                                				 *_t168 =  *_t168 + _t119;
                                                				_t120 = E00007FF67FF600ACF3AC(_t168, _t195, 0x105,  &_v200);
                                                				 *_t195 =  *_t195 + _t120;
                                                				 *_t168 =  *_t168 + _t120;
                                                				E00007FF67FF600ACF3AC(_t168, _t195, 0x105, "\\");
                                                				r8d = 0x40;
                                                				E00007FF67FF600A7C440(0xb09b00,  &_v792);
                                                				_t197 = _t168;
                                                				_t123 = E00007FF67FF600A7C8C0(_t197,  &_v200);
                                                				 *_t197 =  *_t197 + _t123;
                                                				 *_t168 =  *_t168 + _t123;
                                                				_t124 = E00007FF67FF600ACF3AC(_t168, _t197, 0x105,  &_v200);
                                                				 *_t197 =  *_t197 + _t124;
                                                				 *_t168 =  *_t168 + _t124;
                                                				_t125 = E00007FF67FF600ACF3AC(_t168, _t197, 0x105, "\\");
                                                				 *_t197 =  *_t197 + _t125;
                                                				 *_t168 =  *_t168 + _t125;
                                                				E00007FF67FF600ACF3AC(_t168, _t197, 0x105, _a8);
                                                				_v40 =  &_v728;
                                                				_t127 = E00007FF67FF600ACF020(_t140,  &_v728,  &_v728, _t247);
                                                				_v48 = _t127;
                                                				_t173 = (_v48 & 0x0000ffff) + 2;
                                                				_v46 = _t127;
                                                				E00007FF67FF600A7C6A0(_t141, _t142, _t173, 0xb09aa8);
                                                				_v56 = _t173;
                                                				if (_v56 == 0) goto 0xa8dfb6;
                                                				_t129 = _v56();
                                                				_v32 = _t173;
                                                				if (_v32 < 0) goto 0xa8df72;
                                                				_v16 = 1;
                                                				goto 0xa8df7d;
                                                				_v16 = 0;
                                                				_v856 = _t129;
                                                				_t175 = _v856 & 0x000000ff;
                                                				if (_t175 == 0) goto 0xa8dfa2;
                                                				SetLastError(??);
                                                				goto 0xa8dfb6;
                                                				E00007FF67FF600A89750(_t141, _t175);
                                                				SetLastError(??);
                                                				GetLastError();
                                                				_v64 = _t175;
                                                				RegCloseKey(??);
                                                				E00007FF67FF600A89690(_v72, _a8);
                                                				SetLastError(??);
                                                				goto 0xa8e01d;
                                                				GetLastError();
                                                				_v64 = _t175;
                                                				RegCloseKey(??);
                                                				SetLastError(??);
                                                				GetLastError();
                                                				_v64 = _t175;
                                                				RegCloseKey(??);
                                                				SetLastError(??);
                                                				if ((_v856 & 0x000000ff) != 0) goto 0xa8e09b;
                                                				_t177 = _v872 & 0x000000ff;
                                                				if (_t177 == 0) goto 0xa8e09b;
                                                				_t138 = GetLastError();
                                                				_v28 = _t177;
                                                				_v880 = 0;
                                                				_v952 = 0;
                                                				r9d = 0;
                                                				asm("loopne 0x5");
                                                				 *_t177 =  *_t177 + _t138;
                                                				_t139 = E00007FF67FF600A8D7E0(_t142, _t177, _v64,  &_v904, _t247);
                                                				SetLastError(??);
                                                				return _t139;
                                                			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$CloseOpenService$CreateHandleManager$AllocControlCurrentFileLocalQueryStatusThreadValue
                                                • String ID: '02<&!',846=<;0U$?$\
                                                • API String ID: 1558769067-128437696
                                                • Opcode ID: 250f99346cb3a167203aa5c8155da0e64a07889cf6e38f7d30468b4019aeb8aa
                                                • Instruction ID: aa54ef10b54288e7e06627f7e1bc2e5f20f24f64ebd83288c7e88a5cd910d8ad
                                                • Opcode Fuzzy Hash: 250f99346cb3a167203aa5c8155da0e64a07889cf6e38f7d30468b4019aeb8aa
                                                • Instruction Fuzzy Hash: 54D14C32A1C6C1A6E7719B20E4543EAB764FB85744F604036D6CE86B9EDFBDD648CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CloseCriticalHandleObjectSectionSingleTerminateThreadWait$ConnectEnterFreeLeaveLocalPortReleaseSemaphore
                                                • String ID:
                                                • API String ID: 669645938-0
                                                • Opcode ID: 63a9484c54ad9cc4185ab0345f608910558a490f9513732ecb869514dd8b8946
                                                • Instruction ID: 7ef02dd8159b3345a68eb92031f3fcfbe24480f2de71d952600cecd9457b4ae0
                                                • Opcode Fuzzy Hash: 63a9484c54ad9cc4185ab0345f608910558a490f9513732ecb869514dd8b8946
                                                • Instruction Fuzzy Hash: D9E1AC36A0CA8596E760DB15E99436EB760FBC5B44F604032DA8E837ADDF7DE449CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Local$Value$AllocFree$CloseCreateCriticalEventQuerySection$ErrorLastThread$DeleteEnterFileHandleInitializeLeaveModuleNameResetResume
                                                • String ID: DLL %03d
                                                • API String ID: 2617247980-4281766797
                                                • Opcode ID: a9e98ccd89dd11fb185dde0b7e15dfb6171fc2b3ac1eb8d615207238677f1731
                                                • Instruction ID: bb4bbcc8911a5f87fd5f132bdce808572f847e91de4f7dde616e7b3a83209ce7
                                                • Opcode Fuzzy Hash: a9e98ccd89dd11fb185dde0b7e15dfb6171fc2b3ac1eb8d615207238677f1731
                                                • Instruction Fuzzy Hash: 00D12D32A1CAC2A6E770CB15E45476AB3A0FB89784F604035DA8E97B6DDF7DE544CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: File$CreateCurrentErrorLastMappingProcessView
                                                • String ID: %s$%x$2
                                                • API String ID: 1805850106-1294985516
                                                • Opcode ID: c2bfe31063ec7dd87fecac851384265b19e1e08bf11919df17084e0efa1ff8b0
                                                • Instruction ID: 3efebe7d77c4a1c4943395c9d6a0b4c796c6c7126c953b37ff162a23b96a11b2
                                                • Opcode Fuzzy Hash: c2bfe31063ec7dd87fecac851384265b19e1e08bf11919df17084e0efa1ff8b0
                                                • Instruction Fuzzy Hash: 0242F936A0DBC195EB708B15E4983AAB7A0FBC5740F604136DA8E87BA9DF7DD544CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 22%
                                                			E00007FF67FF600A7C9A0(short __ecx, long long __rdx, void* __r8, signed int _a8, void* _a16, signed int _a24, signed char _a32) {
                                                				long long _v24;
                                                				long long _v32;
                                                				void* _v48;
                                                				long long _v56;
                                                				signed long long _v64;
                                                				signed int _v72;
                                                				signed int* _v80;
                                                				signed int _v88;
                                                				void* _v616;
                                                				long long _v620;
                                                				short _v624;
                                                				char _v632;
                                                				long long _v640;
                                                				signed int _v648;
                                                				long long _v656;
                                                				signed int _v664;
                                                				signed char _v668;
                                                				signed int _v672;
                                                				signed int* _v680;
                                                				signed int* _v688;
                                                				signed int* _v696;
                                                				signed long long _v704;
                                                				signed int* _v708;
                                                				long long _v712;
                                                				long long _v728;
                                                				signed char _t205;
                                                				signed char _t207;
                                                				int _t211;
                                                				int _t212;
                                                				signed char _t216;
                                                				void* _t223;
                                                				void* _t225;
                                                				void* _t226;
                                                				signed char _t227;
                                                				signed char _t228;
                                                				void* _t232;
                                                				short _t233;
                                                				void* _t234;
                                                				long long _t272;
                                                				signed long long _t275;
                                                				signed int* _t276;
                                                				signed long long _t301;
                                                				long long _t304;
                                                				long long _t310;
                                                				signed int _t311;
                                                				signed int _t312;
                                                				signed long long _t327;
                                                				signed int* _t329;
                                                				signed int* _t332;
                                                				void* _t344;
                                                				signed int _t345;
                                                				intOrPtr* _t426;
                                                				void* _t428;
                                                
                                                				_t233 = __ecx;
                                                				_a32 = r9b;
                                                				_a24 = r8d;
                                                				_a16 = __rdx;
                                                				_a8 = _t345;
                                                				_v708 = 0;
                                                				GetLastError();
                                                				_v712 = _t272;
                                                				 *_a16 = 0x3f;
                                                				 *((short*)(_a16 + 2)) = 0;
                                                				if (_a8 == 0) goto 0xa7ceb7;
                                                				_t275 =  *0xb34fa8 & 0x000000ff;
                                                				if (_t275 != 0) goto 0xa7ca1c;
                                                				_t205 = E00007FF67FF600A7C5E0(__ecx, _t234, _t275, 0xb09580, 0, __r8);
                                                				 *0xb34fa0 = _t275;
                                                				 *0xb34fa8 = 1;
                                                				if ( *0xb34fa0 == 0) goto 0xa7caa3;
                                                				r8d = _a8;
                                                				 *_t275 =  *_t275 | _t205;
                                                				_v704 = _t275;
                                                				if (_v704 != 0) goto 0xa7ca62;
                                                				r8d = _a8;
                                                				 *_t275 =  *_t275 | _t205;
                                                				_v704 = _t275;
                                                				if (_v704 == 0) goto 0xa7ca9e;
                                                				_t276 = _a24;
                                                				_v696 = _t276;
                                                				 *0xb34fa0();
                                                				_v708 = _t276;
                                                				_t207 = CloseHandle(??);
                                                				goto 0xa7ceb7;
                                                				r8d = _a8;
                                                				 *_t276 =  *_t276 | _t207;
                                                				_v688 = _t276;
                                                				if (_v688 == 0) goto 0xa7ceb7;
                                                				E00007FF67FF600A71400(_t276, _v688);
                                                				_v680 = _t276;
                                                				if (_v680 == 0) goto 0xa7ceac;
                                                				_v668 = 0;
                                                				_v672 = 0;
                                                				_v728 =  &_v632;
                                                				r9d = 8;
                                                				ReadProcessMemory(??, ??, ??, ??, ??);
                                                				if ( &(_v680[8]) == 0) goto 0xa7ccbc;
                                                				if (_v632 != 8) goto 0xa7ccbc;
                                                				if (_v656 == 0) goto 0xa7ccbc;
                                                				_v728 =  &_v632;
                                                				r9d = 4;
                                                				ReadProcessMemory(??, ??, ??, ??, ??);
                                                				if (_v656 + 8 == 0) goto 0xa7ccbc;
                                                				if (_v632 != 4) goto 0xa7ccbc;
                                                				_v728 =  &_v632;
                                                				r9d = 0x10;
                                                				_t211 = ReadProcessMemory(??, ??, ??, ??, ??);
                                                				if (_v656 + 0x60 == 0) goto 0xa7ccbc;
                                                				if (_v632 != 0x10) goto 0xa7ccbc;
                                                				if ((_v648 & 0x0000ffff) == 0) goto 0xa7ccbc;
                                                				if (_v640 == 0) goto 0xa7ccbc;
                                                				if ((_v648 & 0x0000ffff) - _a24 + _a24 < 0) goto 0xa7cc2e;
                                                				_v640 = _v640 + (_v648 & 0x0000ffff) - _a24 + _a24 - 2;
                                                				_v648 = _t211;
                                                				if ((_v664 & 0x00000001) != 0) goto 0xa7cc4e;
                                                				_v640 = _v640 + _v656;
                                                				_v728 =  &_v632;
                                                				_t212 = ReadProcessMemory(??, ??, ??, ??, ??);
                                                				if ((_v648 & 0x0000ffff) == 0) goto 0xa7cc9b;
                                                				if (_v632 != (_v648 & 0x0000ffff)) goto 0xa7cc9b;
                                                				_v32 = 1;
                                                				goto 0xa7cca6;
                                                				_v32 = 0;
                                                				_v668 = _t212;
                                                				_v672 = _t212;
                                                				if ((_v668 & 0x000000ff) == 0) goto 0xa7ceac;
                                                				asm("cdq");
                                                				_t301 = (_v672 & 0x0000ffff) - _v640 >> 1;
                                                				 *((short*)(_a16 + _t301 * 2)) = 0;
                                                				_v624 = _t301;
                                                				_t304 = _a16;
                                                				 *((short*)(_t304 + 8)) = 0;
                                                				E00007FF67FF600ACE450(_t304, L"\\??\\");
                                                				_v620 = _t304;
                                                				 *((short*)(_a16 + 8)) = _t233;
                                                				if (_v620 != 0) goto 0xa7cd6c;
                                                				E00007FF67FF600AA7840();
                                                				goto 0xa7cea4;
                                                				_v624 = (_v672 & 0x0000ffff) - 6;
                                                				_t310 = _a16;
                                                				 *((short*)(_t310 + 0x18)) = 0;
                                                				_t216 = E00007FF67FF600ACE450(_t310, L"\\SystemRoot\\");
                                                				_v620 = _t310;
                                                				_t311 = _a16;
                                                				 *((short*)(_t311 + 0x18)) = _t233;
                                                				if (_v620 != 0) goto 0xa7cea4;
                                                				_t312 = _t311;
                                                				 *_t312 =  *_t312 + _t216;
                                                				dil = dil + dil;
                                                				asm("adc eax, 0x8a5ca");
                                                				_v88 = _t312;
                                                				 *((intOrPtr*)(_t428 + 0x3bf60844)) =  *((intOrPtr*)(_t428 + 0x3bf60844)) + _t233;
                                                				 *0x00000032 =  *((intOrPtr*)(0x32)) + sil;
                                                				_v672 = (_t216 & 0x000000a0) +  *(_v672 & 0x0000ffff);
                                                				asm("cdq");
                                                				 *((short*)(_a16 + ((_v672 & 0x0000ffff) >> 1) * 2)) = 0;
                                                				_v24 = _a16 + _v88 * 2;
                                                				E00007FF67FF600AA7840();
                                                				E00007FF67FF600AA7840();
                                                				_v708 = 1;
                                                				CloseHandle(??);
                                                				if (_v708 != 0) goto 0xa7d0d3;
                                                				_t327 = _a32 & 0x000000ff;
                                                				if (_t327 == 0) goto 0xa7d0d3;
                                                				_t223 = E00007FF67FF600A7C6A0(_t233, _t234, _t327, 0xb09560);
                                                				_v64 = _t327;
                                                				_v72 = 0;
                                                				r8d = 0;
                                                				 *((intOrPtr*)(_t327 - 0x39)) =  *((intOrPtr*)(_t327 - 0x39)) + _t233;
                                                				_t225 = _t223 +  *_t327 +  *_t327;
                                                				 *_t327 =  *_t327 + _t225;
                                                				 *_t327 =  *_t327 + _t225;
                                                				 *((intOrPtr*)(_t344 + 0x2b024bc)) =  *((intOrPtr*)(_t344 + 0x2b024bc)) + _t225;
                                                				 *_t327 =  *_t327 + _t225;
                                                				 *_t426 =  *_t426 + _t233;
                                                				_t226 = _t225 +  *_t327;
                                                				 *_t327 =  *_t327 + _t226;
                                                				 *0x5 =  *0x5 + _t226;
                                                				 *((intOrPtr*)(_t344 + 0x2b02484)) =  *((intOrPtr*)(_t344 + 0x2b02484)) + _t233;
                                                				 *_t327 =  *_t327 + _t226;
                                                				_v72 = _t327 << 1;
                                                				_t227 = LocalFree(??);
                                                				_t329 = _v72;
                                                				 *_t329 =  *_t329 | _t227;
                                                				_v80 = _t329;
                                                				r9d = 0;
                                                				r8d = _v72;
                                                				_t228 = _t227 +  *_t329;
                                                				 *0xB82494FF02C02489 =  *((intOrPtr*)(0xb82494ff02c02489)) + _t233;
                                                				 *_t329 =  *_t329 + _t228;
                                                				if (_v56 == 0) goto 0xa7cfa9;
                                                				if (_v72 != 0x400000) goto 0xa7cf31;
                                                				goto 0xa7cffe;
                                                				_v72 = _v72 << 1;
                                                				_t332 = _v72;
                                                				 *_t332 =  *_t332 | _t228;
                                                				_v80 = _t332;
                                                				r9d = 0;
                                                				r8d = _v72;
                                                				 *((intOrPtr*)(0xb82494ff02c02489)) =  *((intOrPtr*)(0xb82494ff02c02489)) + _t233;
                                                				 *_t332 =  *_t332 + _t228 +  *_t332;
                                                				if (_v56 != 0) goto 0xa7d0c3;
                                                				_v48 = _v80;
                                                				if (0 == 1) goto 0xa7d0c3;
                                                				if ( *((intOrPtr*)(_v48 + 0x50)) != _a8) goto 0xa7d08f;
                                                				if ( *((long long*)(_v48 + 0x40)) == 0) goto 0xa7d06f;
                                                				E00007FF67FF600ACF944(_a24, _a16, _a24,  *((intOrPtr*)(_v48 + 0x40)));
                                                				goto 0xa7d08d;
                                                				E00007FF67FF600ACF944(_a24, _a16, _a24, L"[System Process]");
                                                				goto 0xa7d0c3;
                                                				if ( *_v48 != 0) goto 0xa7d09e;
                                                				goto 0xa7d0c3;
                                                				_v48 = _v48 +  *_v48;
                                                				goto 0xa7d01c;
                                                				_t232 = LocalFree(??);
                                                				goto 0xa7d0d3;
                                                				SetLastError(??);
                                                				return _t232;
                                                			}
























































                                                0x7ff600a7cfb4
                                                0x7ff600a7cfbb
                                                0x7ff600a7cfce
                                                0x7ff600a7cfd0
                                                0x7ff600a7cfd8
                                                0x7ff600a7cfdb
                                                0x7ff600a7cff6
                                                0x7ff600a7cffc
                                                0x7ff600a7d006
                                                0x7ff600a7d014
                                                0x7ff600a7d021
                                                0x7ff600a7d039
                                                0x7ff600a7d048
                                                0x7ff600a7d068
                                                0x7ff600a7d06d
                                                0x7ff600a7d088
                                                0x7ff600a7d08d
                                                0x7ff600a7d09a
                                                0x7ff600a7d09c
                                                0x7ff600a7d0b6
                                                0x7ff600a7d0be
                                                0x7ff600a7d0cb
                                                0x7ff600a7d0d1
                                                0x7ff600a7d0d7
                                                0x7ff600a7d0e8

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Process$LocalMemoryRead$Open$AllocCloseErrorFreeHandleLast$DirectoryWindows
                                                • String ID: [System Process]$\??\$\SystemRoot\
                                                • API String ID: 535225777-911814108
                                                • Opcode ID: 2365fcc391477b7850bbe72249125d69923615a212cd1a8562e68af676f5d331
                                                • Instruction ID: 13bd4caa426eb53b42b53b26d83a2f3e11e66a9e3f78aeaf3a95a97f3f925d2c
                                                • Opcode Fuzzy Hash: 2365fcc391477b7850bbe72249125d69923615a212cd1a8562e68af676f5d331
                                                • Instruction Fuzzy Hash: 0C120B32A0D6C196E7708B15E8543AAB7A4FB85B94F104139EACD83BADDF7CD485CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 82%
                                                			E00007FF67FF600AAA224(long long __rbx, signed int* __rcx, intOrPtr* __rdx) {
                                                				void* __rdi;
                                                				void* __rsi;
                                                				void* __r12;
                                                				void* __r14;
                                                				signed char _t440;
                                                				void* _t448;
                                                				signed char _t450;
                                                				signed char _t467;
                                                				signed char _t487;
                                                				void* _t490;
                                                				signed char _t491;
                                                				void* _t497;
                                                				signed char _t509;
                                                				signed char _t514;
                                                				void* _t523;
                                                				signed char _t524;
                                                				signed int _t526;
                                                				signed int _t527;
                                                				void* _t538;
                                                				signed int _t550;
                                                				void* _t555;
                                                				void* _t560;
                                                				void* _t564;
                                                				void* _t593;
                                                				void* _t630;
                                                				signed int _t646;
                                                				intOrPtr _t647;
                                                				signed long long _t648;
                                                				signed int* _t653;
                                                				signed long long _t661;
                                                				signed long long _t667;
                                                				signed long long _t681;
                                                				intOrPtr _t683;
                                                				signed long long _t684;
                                                				signed int* _t687;
                                                				signed long long _t688;
                                                				long long _t692;
                                                				long long _t693;
                                                				unsigned long long _t696;
                                                				unsigned long long _t697;
                                                				unsigned long long _t699;
                                                				signed long long _t701;
                                                				signed long long _t702;
                                                				signed long long _t712;
                                                				signed long long _t719;
                                                				signed long long _t721;
                                                				signed long long _t724;
                                                				signed long long _t725;
                                                				intOrPtr* _t728;
                                                				unsigned long long _t730;
                                                				signed long long _t753;
                                                				signed long long _t776;
                                                				long long _t779;
                                                				signed long long _t782;
                                                				long long _t783;
                                                				signed long long _t785;
                                                				signed long long _t814;
                                                				signed long long _t818;
                                                				signed long long _t824;
                                                				unsigned long long _t826;
                                                				signed long long _t831;
                                                				void* _t972;
                                                				void* _t989;
                                                				signed long long _t990;
                                                				void* _t992;
                                                				long long* _t993;
                                                				void* _t995;
                                                				void* _t996;
                                                				void* _t998;
                                                				void* _t999;
                                                				void* _t1027;
                                                				void* _t1028;
                                                				void* _t1029;
                                                				void* _t1031;
                                                				void* _t1033;
                                                				void* _t1035;
                                                				intOrPtr* _t1036;
                                                
                                                				 *((long long*)(_t998 + 8)) = __rbx;
                                                				_t996 = _t998 - 0x20;
                                                				_t999 = _t998 - 0x120;
                                                				_t647 =  *0xb35868; // 0x0
                                                				_t648 = _t647 -  *0xb35870;
                                                				_t1036 = __rdx;
                                                				 *(_t999 + 0x40) =  *(_t999 + 0x40) & 0x00000000;
                                                				_t993 = __rcx;
                                                				 *(_t996 - 0x68) = _t648;
                                                				 *(_t999 + 0x48) = 0;
                                                				E00007FF67FF600AB0A40(__rcx, _t1027, _t1028);
                                                				_t990 = _t648;
                                                				if ( *__rdx == 0) goto 0xaaa283;
                                                				if (( *(__rdx + 8) & 0x00000200) == 0) goto 0xaaa283;
                                                				 *(_t996 + 0x78) = 1;
                                                				goto 0xaaa286;
                                                				 *(_t996 + 0x78) =  *(_t996 + 0x78) & 0;
                                                				if (_t990 != 0xffff) goto 0xaaa29d;
                                                				__rcx[2] = __rcx[2] & 0;
                                                				 *__rcx =  *__rcx & 0;
                                                				__rcx[2] = 2;
                                                				goto 0xaab0ab;
                                                				if (_t990 != 0xfffe) goto 0xaaa2ca;
                                                				 *(_t999 + 0x58) =  *(_t999 + 0x58) & 0;
                                                				_t1001 = __rdx;
                                                				 *(_t999 + 0x50) = 0xb117b0;
                                                				E00007FF67FF600AA9D8C(_t999 + 0x50, __rcx, __rdx);
                                                				goto 0xaab0ab;
                                                				_t555 = _t990 - 0xfffd;
                                                				if (_t555 != 0) goto 0xaaa2de;
                                                				 *_t993 = 0xb117b0;
                                                				goto 0xaab0a8;
                                                				r14d = _t550;
                                                				 *0xb117b0 =  *0xb117b0 +  *((intOrPtr*)(_t1036 + 8));
                                                				r14d = r14d & 0x00008000;
                                                				if (_t555 == 0) goto 0xaaab75;
                                                				r12d = _t550;
                                                				r12d = r12d & 0x00001800;
                                                				_t527 = _t526 & 0xffffff00 | r12d == 0x00000800;
                                                				r13d = 0x1000;
                                                				 *((long long*)(_t996 + 0x70)) = 0;
                                                				 *((long long*)(_t996 + 0x68)) = 0;
                                                				r13d =  ==  ? _t538 : r13d;
                                                				r13d = r13d & _t550;
                                                				 *(_t996 - 0x6c) = r13d;
                                                				if (r12d == 0x800) goto 0xaaa358;
                                                				_t30 = (_t990 & 0x00001b00) - 0x1000; // -4096
                                                				_t652 = _t30;
                                                				if ((_t30 & 0xfffffcff) != 0) goto 0xaaa358;
                                                				_t560 = (_t990 & 0x00001b00) - 0x1300;
                                                				if (_t560 != 0) goto 0xaaab6f;
                                                				asm("bt edi, 0xe");
                                                				if (_t560 >= 0) goto 0xaaa3cf;
                                                				if ((_t527 & 0x00000001) == 0) goto 0xaaa3bc;
                                                				E00007FF67FF600AAB93C(_t527, _t550, _t527 & 0x00000001, _t652, 0, _t999 + 0x30, _t993, _t1001, _t1035);
                                                				 *(_t999 + 0x70) =  *(_t999 + 0x70) & 0x00000000;
                                                				 *(_t999 + 0x78) =  *(_t999 + 0x78) & 0x00000000;
                                                				E00007FF67FF600AAB164(0x20, _t652, _t652, _t999 + 0x70);
                                                				E00007FF67FF600AA9D8C(_t999 + 0x70, _t999 + 0x50, _t652);
                                                				_t653 =  *(_t999 + 0x50);
                                                				 *(_t999 + 0x40) = _t653;
                                                				goto 0xaaa3cb;
                                                				E00007FF67FF600AAB93C(_t527, _t550, _t527 & 0x00000001, _t653,  *(_t999 + 0x58), _t999 + 0x70, _t993, _t652, _t1033);
                                                				if (_t653[2] - 1 <= 0) goto 0xaaa3cf;
                                                				 *(_t999 + 0x48) = _t653[2] & 0x000000ff;
                                                				if (r13d == 0) goto 0xaaa55b;
                                                				_t564 = r12d - 0x1800;
                                                				if (_t564 != 0) goto 0xaaa55b;
                                                				r8b = 0x7b;
                                                				E00007FF67FF600AA9DB8(_t1036, _t999 + 0x50);
                                                				E00007FF67FF600AACF2C(0x20, _t653, _t999 + 0x30, _t990, _t993, _t1027, _t1028, _t1033);
                                                				E00007FF67FF600AA9D8C(_t653, _t999 + 0x70, _t999 + 0x30);
                                                				E00007FF67FF600AA9ED4(_t527, _t999 + 0x40, _t653, _t999 + 0x30);
                                                				 *_t653 =  *_t653 | E00007FF67FF600AB0FFC(_t999 + 0x30);
                                                				if (_t564 != 0) goto 0xaaa4a7;
                                                				 *(_t999 + 0x70) =  *(_t999 + 0x70) & 0x00000000;
                                                				 *(_t999 + 0x78) =  *(_t999 + 0x78) & 0x00000000;
                                                				 *(_t999 + 0x50) = "}\' ";
                                                				r13d = 3;
                                                				 *(_t999 + 0x58) = r13d;
                                                				asm("movaps xmm0, [esp+0x50]");
                                                				asm("movdqa [esp+0x50], xmm0");
                                                				E00007FF67FF600AAB164(0x2c, "}\' ", 0x1000, _t999 + 0x70);
                                                				_t63 = _t996 - 0x50; // -77
                                                				E00007FF67FF600AA9D8C(_t999 + 0x70, _t63, _t999 + 0x30);
                                                				_t66 = _t996 - 0x40; // -61
                                                				_t67 = _t996 - 0x50; // -77
                                                				E00007FF67FF600AA9D60(_t67, _t66, _t999 + 0x50);
                                                				E00007FF67FF600AA9ED4(_t527, _t999 + 0x40, "}\' ", _t999 + 0x50);
                                                				 *(_t999 + 0x58) = 2;
                                                				 *(_t999 + 0x50) = "}\'";
                                                				asm("movaps xmm0, [esp+0x50]");
                                                				asm("movdqa [esp+0x30], xmm0");
                                                				E00007FF67FF600AA9E54(0x2c, _t550, "}\'", 0x1000, _t999 + 0x40, _t999 + 0x30, _t993);
                                                				_t440 = E00007FF67FF600AAC120(0x1000, _t999 + 0x30, _t990, _t993, _t1031, _t1029);
                                                				_t814 =  *0xb35878; // 0x0
                                                				if ((_t440 & 0x00000001) == 0) goto 0xaaa553;
                                                				_t661 =  !(_t814 >> 4);
                                                				if ((_t440 & 0x00000001) == 0) goto 0xaaa553;
                                                				if ((0x00001000 & _t814) != 0) goto 0xaaa553;
                                                				 *(_t999 + 0x70) =  *(_t999 + 0x70) & 0x00000000;
                                                				 *(_t999 + 0x78) =  *(_t999 + 0x78) & 0x00000000;
                                                				E00007FF67FF600AAB164(0x20, _t661, 0x1000, _t999 + 0x70);
                                                				E00007FF67FF600AA9D8C(_t999 + 0x70, _t999 + 0x50, _t999 + 0x30);
                                                				r8b = 0x20;
                                                				_t88 = _t996 - 0x50; // -77
                                                				E00007FF67FF600AA9DB8(_t999 + 0x50, _t88);
                                                				_t818 = _t661;
                                                				_t91 = _t996 - 0x40; // -61
                                                				E00007FF67FF600AA9D8C(_t818, _t91, _t999 + 0x40);
                                                				goto 0xaaadd5;
                                                				_t773 =  *((intOrPtr*)(_t996 + 0x68));
                                                				goto 0xaaade4;
                                                				 *(_t996 - 0x40) = _t818;
                                                				 *(_t996 - 0x38) = _t818;
                                                				 *(_t996 - 0x50) = _t818;
                                                				 *(_t996 - 0x48) = _t818;
                                                				 *(_t996 - 0x60) = _t818;
                                                				 *(_t996 - 0x58) = _t818;
                                                				 *(_t999 + 0x70) = _t818;
                                                				 *(_t999 + 0x78) = _t818;
                                                				 *(_t996 - 0x30) = _t818;
                                                				 *(_t996 - 0x28) = _t818;
                                                				if (r13d == 0) goto 0xaaa61d;
                                                				if (r12d != 0x800) goto 0xaaa5fd;
                                                				if ((_t990 & 0x00000700) != 0x600) goto 0xaaa5da;
                                                				E00007FF67FF600AACF2C(1,  *((intOrPtr*)(_t996 + 0x68)), _t999 + 0x50, _t990, _t993, _t1027, _t1028, _t1033);
                                                				 *(_t996 - 0x40) =  *(_t999 + 0x50);
                                                				 *(_t996 - 0x38) =  *(_t999 + 0x58);
                                                				E00007FF67FF600AACF2C(1,  *((intOrPtr*)(_t996 + 0x68)), _t999 + 0x50, _t990, _t993, _t1027, _t1028, _t1033);
                                                				 *(_t996 - 0x50) =  *(_t999 + 0x50);
                                                				_t667 =  *(_t999 + 0x58);
                                                				 *(_t996 - 0x48) = _t667;
                                                				goto 0xaaa5e1;
                                                				if (_t667 != 0x500) goto 0xaaa5fd;
                                                				E00007FF67FF600AACF2C(1,  *((intOrPtr*)(_t996 + 0x68)), _t999 + 0x50, _t990, _t993, _t1027, _t1028, _t1033);
                                                				 *(_t996 - 0x60) =  *(_t999 + 0x50);
                                                				 *(_t996 - 0x58) =  *(_t999 + 0x58);
                                                				_t448 = E00007FF67FF600AACF2C(1,  *((intOrPtr*)(_t996 + 0x68)), _t999 + 0x50, _t990, _t993, _t1027, _t1028, _t1033);
                                                				 *(_t999 + 0x70) =  *(_t999 + 0x50);
                                                				 *(_t999 + 0x78) =  *(_t999 + 0x58);
                                                				if (r12d != 0x800) goto 0xaaa6ab;
                                                				if ((_t990 & 0x00000700) == 0x200) goto 0xaaa6ab;
                                                				r8d = 0;
                                                				 *(_t999 + 0x50) = 0;
                                                				 *(_t999 + 0x58) = 0;
                                                				 *((long long*)(_t999 + 0x20)) = 1;
                                                				if (_t448 == 0x60) goto 0xaaa682;
                                                				 *(_t996 - 0x80) = 0;
                                                				 *(_t996 - 0x78) = 0;
                                                				_t130 = _t996 - 0x80; // 0xf80
                                                				_t824 = _t999 + 0x30;
                                                				E00007FF67FF600AAC260(_t550,  *((intOrPtr*)(_t996 + 0x68)), _t824, _t130, _t990, _t993, _t999 + 0x50);
                                                				 *(_t996 - 0x30) =  *(_t999 + 0x30);
                                                				goto 0xaaa6a8;
                                                				 *(_t999 + 0x30) = _t824;
                                                				 *(_t999 + 0x38) = _t824;
                                                				_t139 = _t996 - 0x80; // 0xf80
                                                				_t450 = E00007FF67FF600AAC260(_t550,  *((intOrPtr*)(_t996 + 0x68)), _t139, _t999 + 0x50, _t990, _t993, _t999 + 0x30);
                                                				if ( *(_t996 - 0x78) - 1 <= 0) goto 0xaaa6ab;
                                                				 *(_t996 - 0x28) =  *(_t996 - 0x78) & 0x000000ff;
                                                				_t826 =  *0xb35878; // 0x0
                                                				r13d = 3;
                                                				_t681 =  !(_t826 >> 1);
                                                				if ((_t450 & 0x00000001) == 0) goto 0xaaa776;
                                                				if ((_t527 & 0x00000001) == 0) goto 0xaaa74d;
                                                				E00007FF67FF600AAC120(_t773, _t999 + 0x30, _t990, _t993, _t989, _t992);
                                                				E00007FF67FF600AA9D8C(_t681, _t999 + 0x50, _t999 + 0x40);
                                                				_t831 =  *_t681;
                                                				 *(_t999 + 0x40) = _t831;
                                                				 *(_t999 + 0x48) =  *((intOrPtr*)(_t681 + 8));
                                                				_t683 =  *_t1036;
                                                				if (_t683 == 0) goto 0xaaa78a;
                                                				if (_t831 == 0) goto 0xaaa77d;
                                                				if (( *0xb35878 & 0x00001000) != 0) goto 0xaaa77d;
                                                				 *(_t996 - 0x80) = 0;
                                                				_t156 = _t996 - 0x80; // -125
                                                				 *(_t996 - 0x78) = 0;
                                                				E00007FF67FF600AAB164(0x20, _t683, 0, _t156);
                                                				_t159 = _t996 - 0x80; // -125
                                                				E00007FF67FF600AA9D8C(_t159, _t999 + 0x30, _t1036);
                                                				E00007FF67FF600AA9ED4(_t527, _t999 + 0x40, _t999 + 0x30, _t1036);
                                                				goto 0xaaa78a;
                                                				E00007FF67FF600AAC120(0, _t999 + 0x40, _t990, _t993);
                                                				if ( *(_t999 + 0x48) == r13b) goto 0xaaa6fa;
                                                				if ( *(_t683 + 8) - 1 <= 0) goto 0xaaa6fa;
                                                				_t684 =  *(_t683 + 8) & 0x000000ff;
                                                				_t776 = 0 | _t684;
                                                				 *(_t999 + 0x48) = _t776;
                                                				goto 0xaaa6fa;
                                                				goto 0xaaa74d;
                                                				 *(_t999 + 0x40) = _t684;
                                                				 *(_t999 + 0x48) = _t684;
                                                				 *(_t996 - 0x80) = _t776;
                                                				 *(_t996 - 0x70) = _t776;
                                                				if ( *(_t996 + 0x78) == _t776) goto 0xaaa8a8;
                                                				_t174 = _t996 - 0x10; // -13
                                                				E00007FF67FF600AAF3C8(_t550, _t174, _t990);
                                                				 *(_t999 + 0x50) =  *(_t999 + 0x50) & _t776;
                                                				 *(_t999 + 0x58) =  *(_t999 + 0x58) & r15d;
                                                				E00007FF67FF600AAB164(0x20, _t684, _t684, _t999 + 0x50);
                                                				E00007FF67FF600AA9D8C(_t999 + 0x50, _t999 + 0x30, _t684);
                                                				E00007FF67FF600AA9ED4(_t527, _t999 + 0x40, _t999 + 0x30, _t684);
                                                				if (( *0xb35878 & 0x00001000) != 0) goto 0xaab09c;
                                                				if ( *(_t996 - 0x6c) == 0) goto 0xaaa9bb;
                                                				if (r12d != 0x800) goto 0xaaa950;
                                                				if ((_t990 & 0x00000700) != 0x600) goto 0xaaa8ea;
                                                				 *(_t999 + 0x38) = 0xc;
                                                				_t687 = "`vtordispex{";
                                                				 *(_t999 + 0x30) = _t687;
                                                				asm("movaps xmm0, [esp+0x30]");
                                                				_t190 = _t996 - 0x10; // -13
                                                				asm("movdqa [esp+0x30], xmm0");
                                                				E00007FF67FF600AA9810(_t687, _t190, _t999 + 0x30);
                                                				_t191 = _t996 - 0x40; // -61
                                                				E00007FF67FF600AA9D8C(_t687, _t999 + 0x30, _t191);
                                                				r8b = 0x2c;
                                                				E00007FF67FF600AA9DB8(_t999 + 0x30, _t999 + 0x50);
                                                				_t195 = _t996 - 0x50; // -77
                                                				E00007FF67FF600AA9D8C(_t687, _t996, _t195);
                                                				r8b = 0x2c;
                                                				_t196 = _t996 + 0x10; // 0x13
                                                				E00007FF67FF600AA9DB8(_t687, _t196);
                                                				_t197 = _t996 - 0x60; // -93
                                                				_t198 = _t996 - 0x20; // -29
                                                				_t467 = E00007FF67FF600AA9D8C(_t687, _t198, _t197);
                                                				goto 0xaaa939;
                                                				asm("scasd");
                                                				 *_t687 =  *_t687 | _t467;
                                                				E00007FF67FF600AADEE8(_t687, 0, _t687, 0x10, _t993, _t995);
                                                				if (_t687 == 0) goto 0xaaa8c9;
                                                				 *_t687 = 0;
                                                				_t687[2] = 0;
                                                				goto 0xaaa8cc;
                                                				_t201 = _t996 - 0x10; // -13
                                                				E00007FF67FF600AAF3C8(_t550, _t201, _t990);
                                                				_t688 = _t687[2];
                                                				 *(_t996 - 0x80) =  *_t687;
                                                				 *(_t996 - 0x70) = _t688;
                                                				goto 0xaaa7f4;
                                                				if (_t688 != 0x500) goto 0xaaa950;
                                                				 *(_t999 + 0x38) = 0xa;
                                                				 *(_t999 + 0x30) = "`vtordisp{";
                                                				asm("movaps xmm0, [esp+0x30]");
                                                				asm("movdqa [esp+0x30], xmm0");
                                                				E00007FF67FF600AA9810("`vtordisp{", _t999 + 0x60, _t999 + 0x30);
                                                				_t209 = _t996 - 0x60; // -93
                                                				E00007FF67FF600AA9D8C("`vtordisp{", _t999 + 0x30, _t209);
                                                				_t211 = _t996 - 0x20; // -29
                                                				r8b = 0x2c;
                                                				E00007FF67FF600AA9DB8(_t999 + 0x30, _t211);
                                                				E00007FF67FF600AA9ED4(_t527, _t999 + 0x40, "`vtordisp{", _t209);
                                                				goto 0xaaa97e;
                                                				 *(_t999 + 0x38) = 0xa;
                                                				 *(_t999 + 0x30) = "`adjustor{";
                                                				asm("movaps xmm0, [esp+0x30]");
                                                				asm("movdqa [esp+0x30], xmm0");
                                                				E00007FF67FF600AA9E54(0x20, _t550, "`adjustor{", 0, _t999 + 0x40, _t999 + 0x30, _t993);
                                                				 *(_t999 + 0x38) = r13d;
                                                				 *(_t999 + 0x30) = "}\' ";
                                                				asm("movaps xmm0, [esp+0x30]");
                                                				asm("movdqa [esp+0x30], xmm0");
                                                				E00007FF67FF600AA9D60(_t999 + 0x70, _t999 + 0x60, _t999 + 0x30);
                                                				E00007FF67FF600AA9ED4(_t527, _t999 + 0x40, "}\' ", _t999 + 0x30);
                                                				if ( *0xb3588c != 1) goto 0xaaa9d6;
                                                				_t692 =  *0xb35888; // 0x0
                                                				_t693 =  ==  ?  *(_t996 - 0x68) : _t692;
                                                				 *0xb35888 = _t693;
                                                				E00007FF67FF600AAB434(0, _t999 + 0x60, "}\' ", _t993, _t999 + 0x30);
                                                				 *(_t999 + 0x50) =  *(_t999 + 0x50) & 0x00000000;
                                                				 *(_t999 + 0x58) =  *(_t999 + 0x58) & 0x00000000;
                                                				_t779 = _t693;
                                                				E00007FF67FF600AAB164(0x28, _t693, _t779, _t999 + 0x50);
                                                				_t1016 = _t779;
                                                				E00007FF67FF600AA9D8C(_t999 + 0x50, _t999 + 0x30, _t779);
                                                				r8b = 0x29;
                                                				_t233 = _t996 - 0x20; // -29
                                                				E00007FF67FF600AA9DB8(_t999 + 0x30, _t233);
                                                				E00007FF67FF600AA9ED4(_t527, _t999 + 0x40, _t693, _t779);
                                                				if (r12d != 0x800) goto 0xaaaa4f;
                                                				_t593 = (_t990 & 0x00000700) - 0x200;
                                                				if (_t593 == 0) goto 0xaaaa4f;
                                                				_t236 = _t996 - 0x30; // -45
                                                				E00007FF67FF600AA9ED4(_t527, _t999 + 0x40, _t236, _t779);
                                                				_t696 =  *0xb35878; // 0x0
                                                				_t697 = _t696 >> 0x13;
                                                				if (_t593 == 0) goto 0xaaaa7c;
                                                				E00007FF67FF600AAF1FC(_t524, _t527, _t550, 0x1, _t999 + 0x60, _t990, _t993);
                                                				E00007FF67FF600AA9ED4(_t527, _t999 + 0x40, _t697, _t779);
                                                				goto 0xaaaaa1;
                                                				E00007FF67FF600AAF1FC(_t524, _t527, _t550, 0x1, _t999 + 0x40, _t990, _t993);
                                                				if ( *(_t999 + 0x48) == r13b) goto 0xaaaaa1;
                                                				if ( *(_t697 + 8) - _t524 <= 0) goto 0xaaaaa1;
                                                				 *(_t999 + 0x48) =  *(_t999 + 0x48) & 0xffffff00 |  *(_t697 + 8) & 0x000000ff;
                                                				E00007FF67FF600AADF8C(_t999 + 0x60);
                                                				_t487 = E00007FF67FF600AA9ED4(_t527, _t999 + 0x40,  *(_t697 + 8) & 0x000000ff, _t779);
                                                				_t699 =  *0xb35878; // 0x0
                                                				_t701 =  !(_t699 >> 8);
                                                				if ((_t524 & _t487) == 0) goto 0xaaaae0;
                                                				E00007FF67FF600AB0A1C(_t999 + 0x60);
                                                				E00007FF67FF600AA9ED4(_t527, _t999 + 0x40, _t701, _t779);
                                                				goto 0xaaab05;
                                                				_t490 = E00007FF67FF600AB0A1C(_t999 + 0x40);
                                                				if ( *(_t999 + 0x48) == r13b) goto 0xaaab05;
                                                				if ( *(_t701 + 8) - _t524 <= 0) goto 0xaaab05;
                                                				_t702 =  *(_t701 + 8) & 0x000000ff;
                                                				 *(_t999 + 0x48) =  *(_t999 + 0x48) & 0xffffff00 | _t702;
                                                				_t491 = E00007FF67FF600AAD078(_t490, _t999 + 0x60);
                                                				if ( *(_t999 + 0x48) == r13b) goto 0xaaab2f;
                                                				if ( *(_t702 + 8) - _t524 <= 0) goto 0xaaab2f;
                                                				 *(_t999 + 0x48) =  *(_t999 + 0x48) & 0xffffff00 |  *(_t702 + 8) & 0x000000ff;
                                                				if ((_t524 & _t491) == 0) goto 0xaaa553;
                                                				if (0 == 0) goto 0xaaa553;
                                                				 *((long long*)(0)) =  *(_t999 + 0x40);
                                                				 *0x00000008 = _t491;
                                                				 *(_t999 + 0x40) =  *(_t996 - 0x80);
                                                				goto 0xaaade0;
                                                				r13d = 0x6000;
                                                				E00007FF67FF600AA9ED4(_t527, _t999 + 0x40, 0, _t1016);
                                                				r9d = 0x7c00;
                                                				if (r14d != 0) goto 0xaaac20;
                                                				_t272 = _t990 - 0x6800; // -26624
                                                				if ((_t272 & 0xfffff7ff) != 0) goto 0xaaabb5;
                                                				E00007FF67FF600AB12D4(0x28, _t550,  *((intOrPtr*)(_t996 + 0x68)), _t993, _t999 + 0x40, _t990, _t993, _t1016, _t1027, _t1028, _t1029);
                                                				goto 0xaab0ab;
                                                				if ((_t527 & r9d) != r13d) goto 0xaaac20;
                                                				_t712 = "}\'";
                                                				 *(_t999 + 0x38) = 2;
                                                				 *(_t999 + 0x30) = _t712;
                                                				asm("movaps xmm0, [esp+0x30]");
                                                				r8b = 0x7b;
                                                				asm("movdqa [esp+0x50], xmm0");
                                                				E00007FF67FF600AA9DB8(_t999 + 0x40, _t999 + 0x60);
                                                				_t782 = _t712;
                                                				E00007FF67FF600AACF2C(0x28, _t782, _t999 + 0x30, _t990, _t993, _t1027, _t1028, _t1033);
                                                				_t282 = _t996 - 0x20; // 0x5fe0
                                                				E00007FF67FF600AA9D8C(_t782, _t282, _t999 + 0x30);
                                                				_t497 = E00007FF67FF600AA9D60(_t712, _t993, _t999 + 0x50);
                                                				goto 0xaab0ab;
                                                				if (_t497 != r9d) goto 0xaaac3e;
                                                				E00007FF67FF600AB1258(_t527 & r9d, 0x28, _t550, _t497 - r9d, _t993, _t999 + 0x40, _t990, _t993, _t999 + 0x50, _t1027, _t1028, _t1029);
                                                				goto 0xaab0ab;
                                                				r12d = _t550;
                                                				r12d = r12d & 0x00001800;
                                                				r15d = 0x1200;
                                                				 *((long long*)(_t996 + 0x70)) = 0;
                                                				r13d = 0x1100;
                                                				_t716 =  !=  ? 0 : _t782;
                                                				_t717 =  ~( !=  ? 0 : _t782);
                                                				asm("sbb edx, edx");
                                                				if (r14d == 0) goto 0xaaad44;
                                                				r8d = _t550;
                                                				r8d = r8d & 0x00001b00;
                                                				_t718 =  ~( ~( !=  ? 0 : _t782));
                                                				asm("sbb eax, eax");
                                                				if ((0 &  ~( ~( !=  ? 0 : _t782))) == 0) goto 0xaaacdd;
                                                				 *(_t999 + 0x38) = 0x20;
                                                				_t719 = "`local static destructor helper\'";
                                                				 *(_t999 + 0x30) = _t719;
                                                				asm("movaps xmm0, [esp+0x30]");
                                                				asm("movdqa [esp+0x30], xmm0");
                                                				E00007FF67FF600AA9E54(0x28, _t550, _t719, _t782, _t999 + 0x40, _t999 + 0x30, _t993);
                                                				goto 0xaaad5d;
                                                				asm("sbb eax, eax");
                                                				if ((0 &  ~_t719) == 0) goto 0xaaad20;
                                                				_t721 = "`template static data member constructor helper\'";
                                                				 *(_t999 + 0x38) = 0x30;
                                                				 *(_t999 + 0x30) = _t721;
                                                				_t972 = _t999 + 0x30;
                                                				asm("movaps xmm0, [esp+0x30]");
                                                				asm("movdqa [esp+0x30], xmm0");
                                                				E00007FF67FF600AA9E54(0x28, _t550, _t721, _t782, _t999 + 0x40, _t972, _t993);
                                                				goto 0xaaad8b;
                                                				asm("sbb eax, eax");
                                                				if ((0 &  ~_t721) == 0) goto 0xaaad44;
                                                				 *(_t999 + 0x38) = 0x2f;
                                                				goto 0xaaacff;
                                                				if (r14d != 0) goto 0xaaad59;
                                                				_t724 = _t990;
                                                				if (_t724 == 0x7800) goto 0xaab09c;
                                                				if (_t972 == 0) goto 0xaaadc6;
                                                				_t725 =  ~_t724;
                                                				asm("sbb eax, eax");
                                                				if ((0 & _t725) != 0) goto 0xaaad8b;
                                                				asm("sbb eax, eax");
                                                				if ((0 &  ~_t725) == 0) goto 0xaaadc6;
                                                				 *(_t999 + 0x50) =  *(_t999 + 0x50) & 0x00000000;
                                                				 *(_t999 + 0x58) =  *(_t999 + 0x58) & 0x00000000;
                                                				E00007FF67FF600AAB164(0x20,  ~_t725, _t782, _t999 + 0x50);
                                                				E00007FF67FF600AA9D8C(_t999 + 0x50, _t999 + 0x30, _t999 + 0x40);
                                                				 *(_t999 + 0x40) =  *(_t999 + 0x30);
                                                				_t728 =  *(_t999 + 0x38);
                                                				goto 0xaaade0;
                                                				_t509 = E00007FF67FF600AAD610(_t550, _t728, _t782, _t999 + 0x60, _t999 + 0x40, _t993, _t999 + 0x40);
                                                				 *(_t999 + 0x40) =  *_t728;
                                                				 *(_t999 + 0x48) =  *((intOrPtr*)(_t728 + 8));
                                                				r13d = 0xb;
                                                				_t783 =  !=  ?  *((intOrPtr*)(_t996 + 0x70)) : _t782;
                                                				 *((long long*)(_t996 + 0x68)) = _t783;
                                                				r15d = _t1031 - 3;
                                                				if (_t783 == 0) goto 0xaaafda;
                                                				_t730 =  *0xb35878; // 0x0
                                                				if ((_t509 & 0x00000001) == 0) goto 0xaaaf05;
                                                				_t785 = _t990 & 0x00000700;
                                                				_t733 =  !=  ? 0 :  !(_t730 >> 9);
                                                				_t628 =  !=  ? 0 :  !(_t730 >> 9);
                                                				if (( !=  ? 0 :  !(_t730 >> 9)) == 0) goto 0xaaae88;
                                                				 *(_t999 + 0x38) = 7;
                                                				 *(_t999 + 0x30) = "static ";
                                                				asm("movaps xmm0, [esp+0x30]");
                                                				asm("movdqa [esp+0x30], xmm0");
                                                				E00007FF67FF600AA9810("static ", _t999 + 0x60, _t999 + 0x30);
                                                				E00007FF67FF600AA9D8C("static ", _t999 + 0x30, _t999 + 0x40);
                                                				 *(_t999 + 0x40) =  *(_t999 + 0x30);
                                                				 *(_t999 + 0x48) =  *(_t999 + 0x38);
                                                				if (r14d == 0) goto 0xaaae95;
                                                				_t630 = _t785 - 0x100;
                                                				if (_t630 == 0) goto 0xaaaeb0;
                                                				asm("bt edi, 0xa");
                                                				if (_t630 >= 0) goto 0xaaaeff;
                                                				_t355 = _t785 - 0x400; // 0xe00
                                                				if ((_t355 & 0xfffffcff) != 0) goto 0xaaaeff;
                                                				if (_t785 == 0x700) goto 0xaaaeff;
                                                				 *(_t999 + 0x38) = r15d;
                                                				 *(_t999 + 0x30) = "virtual ";
                                                				asm("movaps xmm0, [esp+0x30]");
                                                				asm("movdqa [esp+0x30], xmm0");
                                                				E00007FF67FF600AA9810("virtual ", _t999 + 0x60, _t999 + 0x30);
                                                				_t514 = E00007FF67FF600AA9D8C("virtual ", _t999 + 0x30, _t999 + 0x40);
                                                				 *(_t999 + 0x40) =  *(_t999 + 0x30);
                                                				 *(_t999 + 0x48) =  *(_t999 + 0x38);
                                                				if ((_t514 & 0x00000001) == 0) goto 0xaaafda;
                                                				_t906 =  !=  ? 0 :  *((intOrPtr*)(_t996 + 0x70));
                                                				_t636 =  !=  ? 0 :  *((intOrPtr*)(_t996 + 0x70));
                                                				if (( !=  ? 0 :  *((intOrPtr*)(_t996 + 0x70))) == 0) goto 0xaaaf43;
                                                				 *(_t999 + 0x38) = 9;
                                                				goto 0xaaaf97;
                                                				_t747 =  !=  ? 0 : 0;
                                                				_t640 =  !=  ? 0 : 0;
                                                				if (( !=  ? 0 : 0) == 0) goto 0xaaaf72;
                                                				 *(_t999 + 0x38) = r13d;
                                                				goto 0xaaaf97;
                                                				_t750 =  !=  ? 0 : 0;
                                                				_t644 =  !=  ? 0 : 0;
                                                				if (( !=  ? 0 : 0) == 0) goto 0xaaafda;
                                                				 *(_t999 + 0x38) = r15d;
                                                				 *(_t999 + 0x30) = "public: ";
                                                				asm("movaps xmm0, [esp+0x30]");
                                                				asm("movdqa [esp+0x30], xmm0");
                                                				E00007FF67FF600AA9810("public: ", _t999 + 0x60, _t999 + 0x30);
                                                				E00007FF67FF600AA9D8C("public: ", _t999 + 0x30, _t999 + 0x40);
                                                				 *(_t999 + 0x40) =  *(_t999 + 0x30);
                                                				_t753 =  *(_t999 + 0x38);
                                                				 *(_t999 + 0x48) = _t753;
                                                				asm("sbb eax, eax");
                                                				if ((_t990 & (_t753 & 0xfffff400) + 0x00001000) == 0) goto 0xaab047;
                                                				_t646 =  *0xb35878 & 0x00001000;
                                                				if (_t646 != 0) goto 0xaab047;
                                                				 *(_t999 + 0x38) = r15d;
                                                				 *(_t999 + 0x30) = "[thunk]:";
                                                				asm("movaps xmm0, [esp+0x30]");
                                                				asm("movdqa [esp+0x30], xmm0");
                                                				E00007FF67FF600AA9810("[thunk]:", _t999 + 0x60, _t999 + 0x30);
                                                				E00007FF67FF600AA9D8C("[thunk]:", _t999 + 0x30, _t999 + 0x40);
                                                				 *(_t999 + 0x40) =  *(_t999 + 0x30);
                                                				 *(_t999 + 0x48) =  *(_t999 + 0x38);
                                                				asm("bt edi, 0x10");
                                                				if (_t646 >= 0) goto 0xaab09c;
                                                				 *(_t999 + 0x38) = r13d;
                                                				 *(_t999 + 0x30) = "extern \"C\" ";
                                                				asm("movaps xmm0, [esp+0x30]");
                                                				asm("movdqa [esp+0x30], xmm0");
                                                				E00007FF67FF600AA9810("extern \"C\" ", _t999 + 0x60, _t999 + 0x30);
                                                				_t523 = E00007FF67FF600AA9D8C("extern \"C\" ", _t999 + 0x30, _t999 + 0x40);
                                                				 *(_t999 + 0x40) =  *(_t999 + 0x30);
                                                				 *(_t999 + 0x48) =  *(_t999 + 0x38);
                                                				 *_t993 =  *(_t999 + 0x40);
                                                				 *((long long*)(_t993 + 8)) =  *(_t999 + 0x48);
                                                				return _t523;
                                                			}
                                                0x7ff600aaa746
                                                0x7ff600aaa74b
                                                0x7ff600aaa74d
                                                0x7ff600aaa75c
                                                0x7ff600aaa762
                                                0x7ff600aaa764
                                                0x7ff600aaa76e
                                                0x7ff600aaa770
                                                0x7ff600aaa774
                                                0x7ff600aaa77b
                                                0x7ff600aaa77d
                                                0x7ff600aaa786
                                                0x7ff600aaa78d
                                                0x7ff600aaa791
                                                0x7ff600aaa797
                                                0x7ff600aaa79f
                                                0x7ff600aaa7a3
                                                0x7ff600aaa7a8
                                                0x7ff600aaa7b2
                                                0x7ff600aaa7bc
                                                0x7ff600aaa7ce
                                                0x7ff600aaa7dd
                                                0x7ff600aaa7ec
                                                0x7ff600aaa7f7
                                                0x7ff600aaa804
                                                0x7ff600aaa816
                                                0x7ff600aaa81c
                                                0x7ff600aaa824
                                                0x7ff600aaa82b
                                                0x7ff600aaa835
                                                0x7ff600aaa83a
                                                0x7ff600aaa83e
                                                0x7ff600aaa844
                                                0x7ff600aaa849
                                                0x7ff600aaa855
                                                0x7ff600aaa85a
                                                0x7ff600aaa867
                                                0x7ff600aaa86c
                                                0x7ff600aaa877
                                                0x7ff600aaa87c
                                                0x7ff600aaa87f
                                                0x7ff600aaa886
                                                0x7ff600aaa88b
                                                0x7ff600aaa892
                                                0x7ff600aaa896
                                                0x7ff600aaa8a3
                                                0x7ff600aaa8b1
                                                0x7ff600aaa8b2
                                                0x7ff600aaa8b4
                                                0x7ff600aaa8bf
                                                0x7ff600aaa8c1
                                                0x7ff600aaa8c4
                                                0x7ff600aaa8c7
                                                0x7ff600aaa8cf
                                                0x7ff600aaa8d3
                                                0x7ff600aaa8db
                                                0x7ff600aaa8de
                                                0x7ff600aaa8e2
                                                0x7ff600aaa8e5
                                                0x7ff600aaa8ef
                                                0x7ff600aaa8f1
                                                0x7ff600aaa900
                                                0x7ff600aaa90a
                                                0x7ff600aaa914
                                                0x7ff600aaa91a
                                                0x7ff600aaa91f
                                                0x7ff600aaa92b
                                                0x7ff600aaa930
                                                0x7ff600aaa939
                                                0x7ff600aaa93c
                                                0x7ff600aaa949
                                                0x7ff600aaa94e
                                                0x7ff600aaa950
                                                0x7ff600aaa95f
                                                0x7ff600aaa969
                                                0x7ff600aaa973
                                                0x7ff600aaa979
                                                0x7ff600aaa97e
                                                0x7ff600aaa98a
                                                0x7ff600aaa994
                                                0x7ff600aaa9a3
                                                0x7ff600aaa9a9
                                                0x7ff600aaa9b6
                                                0x7ff600aaa9c2
                                                0x7ff600aaa9c4
                                                0x7ff600aaa9cc
                                                0x7ff600aaa9d0
                                                0x7ff600aaa9db
                                                0x7ff600aaa9e0
                                                0x7ff600aaa9eb
                                                0x7ff600aaa9f2
                                                0x7ff600aaa9f5
                                                0x7ff600aaa9fa
                                                0x7ff600aaaa07
                                                0x7ff600aaaa0c
                                                0x7ff600aaaa0f
                                                0x7ff600aaaa18
                                                0x7ff600aaaa25
                                                0x7ff600aaaa31
                                                0x7ff600aaaa3a
                                                0x7ff600aaaa3f
                                                0x7ff600aaaa41
                                                0x7ff600aaaa4a
                                                0x7ff600aaaa4f
                                                0x7ff600aaaa5a
                                                0x7ff600aaaa66
                                                0x7ff600aaaa68
                                                0x7ff600aaaa75
                                                0x7ff600aaaa7a
                                                0x7ff600aaaa7c
                                                0x7ff600aaaa86
                                                0x7ff600aaaa8b
                                                0x7ff600aaaa9d
                                                0x7ff600aaaaa6
                                                0x7ff600aaaab3
                                                0x7ff600aaaab8
                                                0x7ff600aaaac6
                                                0x7ff600aaaaca
                                                0x7ff600aaaacc
                                                0x7ff600aaaad9
                                                0x7ff600aaaade
                                                0x7ff600aaaae0
                                                0x7ff600aaaaea
                                                0x7ff600aaaaef
                                                0x7ff600aaaaf5
                                                0x7ff600aaab01
                                                0x7ff600aaab0a
                                                0x7ff600aaab14
                                                0x7ff600aaab19
                                                0x7ff600aaab2b
                                                0x7ff600aaab3c
                                                0x7ff600aaab45
                                                0x7ff600aaab53
                                                0x7ff600aaab5a
                                                0x7ff600aaab62
                                                0x7ff600aaab6a
                                                0x7ff600aaab6f
                                                0x7ff600aaab7d
                                                0x7ff600aaab82
                                                0x7ff600aaab8b
                                                0x7ff600aaab96
                                                0x7ff600aaaba1
                                                0x7ff600aaabab
                                                0x7ff600aaabb0
                                                0x7ff600aaabb8
                                                0x7ff600aaabba
                                                0x7ff600aaabc1
                                                0x7ff600aaabc9
                                                0x7ff600aaabd3
                                                0x7ff600aaabdd
                                                0x7ff600aaabe0
                                                0x7ff600aaabe6
                                                0x7ff600aaabf2
                                                0x7ff600aaabf5
                                                0x7ff600aaac02
                                                0x7ff600aaac06
                                                0x7ff600aaac16
                                                0x7ff600aaac1b
                                                0x7ff600aaac2a
                                                0x7ff600aaac34
                                                0x7ff600aaac39
                                                0x7ff600aaac40
                                                0x7ff600aaac43
                                                0x7ff600aaac4a
                                                0x7ff600aaac5d
                                                0x7ff600aaac60
                                                0x7ff600aaac6e
                                                0x7ff600aaac71
                                                0x7ff600aaac73
                                                0x7ff600aaac83
                                                0x7ff600aaac8b
                                                0x7ff600aaac8e
                                                0x7ff600aaaca2
                                                0x7ff600aaaca4
                                                0x7ff600aaaca8
                                                0x7ff600aaacaa
                                                0x7ff600aaacb2
                                                0x7ff600aaacb9
                                                0x7ff600aaacc3
                                                0x7ff600aaaccd
                                                0x7ff600aaacd3
                                                0x7ff600aaacd8
                                                0x7ff600aaacea
                                                0x7ff600aaacee
                                                0x7ff600aaacf0
                                                0x7ff600aaacf7
                                                0x7ff600aaacff
                                                0x7ff600aaad04
                                                0x7ff600aaad09
                                                0x7ff600aaad13
                                                0x7ff600aaad19
                                                0x7ff600aaad1e
                                                0x7ff600aaad2d
                                                0x7ff600aaad31
                                                0x7ff600aaad3a
                                                0x7ff600aaad42
                                                0x7ff600aaad47
                                                0x7ff600aaad49
                                                0x7ff600aaad53
                                                0x7ff600aaad5b
                                                0x7ff600aaad70
                                                0x7ff600aaad72
                                                0x7ff600aaad76
                                                0x7ff600aaad85
                                                0x7ff600aaad89
                                                0x7ff600aaad8b
                                                0x7ff600aaad96
                                                0x7ff600aaad9d
                                                0x7ff600aaadb1
                                                0x7ff600aaadbb
                                                0x7ff600aaadc0
                                                0x7ff600aaadc4
                                                0x7ff600aaadd0
                                                0x7ff600aaaddb
                                                0x7ff600aaade0
                                                0x7ff600aaadea
                                                0x7ff600aaadf0
                                                0x7ff600aaadf3
                                                0x7ff600aaadf6
                                                0x7ff600aaadfc
                                                0x7ff600aaae02
                                                0x7ff600aaae0f
                                                0x7ff600aaae1d
                                                0x7ff600aaae2f
                                                0x7ff600aaae32
                                                0x7ff600aaae34
                                                0x7ff600aaae36
                                                0x7ff600aaae45
                                                0x7ff600aaae4f
                                                0x7ff600aaae59
                                                0x7ff600aaae5f
                                                0x7ff600aaae71
                                                0x7ff600aaae7b
                                                0x7ff600aaae84
                                                0x7ff600aaae8b
                                                0x7ff600aaae8d
                                                0x7ff600aaae93
                                                0x7ff600aaae95
                                                0x7ff600aaae99
                                                0x7ff600aaae9b
                                                0x7ff600aaaea6
                                                0x7ff600aaaeae
                                                0x7ff600aaaeb0
                                                0x7ff600aaaebc
                                                0x7ff600aaaec6
                                                0x7ff600aaaed0
                                                0x7ff600aaaed6
                                                0x7ff600aaaee8
                                                0x7ff600aaaef2
                                                0x7ff600aaaefb
                                                0x7ff600aaaf12
                                                0x7ff600aaaf2b
                                                0x7ff600aaaf2e
                                                0x7ff600aaaf30
                                                0x7ff600aaaf39
                                                0x7ff600aaaf41
                                                0x7ff600aaaf5d
                                                0x7ff600aaaf60
                                                0x7ff600aaaf62
                                                0x7ff600aaaf6b
                                                0x7ff600aaaf70
                                                0x7ff600aaaf84
                                                0x7ff600aaaf87
                                                0x7ff600aaaf89
                                                0x7ff600aaaf92
                                                0x7ff600aaaf97
                                                0x7ff600aaafa1
                                                0x7ff600aaafab
                                                0x7ff600aaafb1
                                                0x7ff600aaafc3
                                                0x7ff600aaafcd
                                                0x7ff600aaafd2
                                                0x7ff600aaafd6
                                                0x7ff600aaafdc
                                                0x7ff600aaafea
                                                0x7ff600aaafec
                                                0x7ff600aaaff6
                                                0x7ff600aaaff8
                                                0x7ff600aab004
                                                0x7ff600aab00e
                                                0x7ff600aab018
                                                0x7ff600aab01e
                                                0x7ff600aab030
                                                0x7ff600aab03a
                                                0x7ff600aab043
                                                0x7ff600aab047
                                                0x7ff600aab04b
                                                0x7ff600aab04d
                                                0x7ff600aab059
                                                0x7ff600aab063
                                                0x7ff600aab06d
                                                0x7ff600aab073
                                                0x7ff600aab085
                                                0x7ff600aab08f
                                                0x7ff600aab098
                                                0x7ff600aab0a1
                                                0x7ff600aab0a8
                                                0x7ff600aab0c8

                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: /$[thunk]:$`adjustor{$`local static destructor helper'$`template static data member constructor helper'$`template static data member destructor helper'$`vtordispex{$`vtordisp{$extern "C" $private: $protected: $public: $static $virtual $}'
                                                • API String ID: 0-2884338863
                                                • Opcode ID: d7883c65af395eade7f5d79792e84f2d83ff7163e7641fe2ddcb8ef175423564
                                                • Instruction ID: 2364f9ceca577b095b67a4b342e772e85cdad7581c5ddcc8a249087faae3024f
                                                • Opcode Fuzzy Hash: d7883c65af395eade7f5d79792e84f2d83ff7163e7641fe2ddcb8ef175423564
                                                • Instruction Fuzzy Hash: 16923233A18782A6EB51CB24E4802AEB7A0FB95354F705135E68E86BDEDF7CD544CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 24%
                                                			E00007FF67FF600A89310(void* __ecx, void* __edx, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                				long long _v20;
                                                				signed long long _v24;
                                                				void* _v28;
                                                				signed long long _v32;
                                                				long long _v40;
                                                				long long _v48;
                                                				signed int _v56;
                                                				long long _v64;
                                                				char _v104;
                                                				long long _v120;
                                                				long long _v128;
                                                				long long _v136;
                                                				long long _v144;
                                                				long long _v152;
                                                				long long _v160;
                                                				long long _v168;
                                                				long long _v176;
                                                				long long _v184;
                                                				void* _t63;
                                                				void* _t69;
                                                				int _t73;
                                                				signed int _t79;
                                                				void* _t83;
                                                				long long _t93;
                                                				long long _t94;
                                                				signed long long _t95;
                                                				signed long long _t96;
                                                				signed long long _t98;
                                                
                                                				_t83 = __ecx;
                                                				_a32 = __r9;
                                                				_a24 = __r8;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				_v56 = 0;
                                                				_t93 = _a16;
                                                				_v48 = _t93;
                                                				_t63 = E00007FF67FF600A753A0(_t93);
                                                				if (_t93 == 0) goto 0xa8935c;
                                                				_t94 = _a24;
                                                				_v48 = _t94;
                                                				E00007FF67FF600A7E080(_t63,  &_v104);
                                                				E00007FF67FF600A9F290(_t94, _v48,  &_v104);
                                                				if (_t94 != 0) goto 0xa8939d;
                                                				_v28 = 0;
                                                				E00007FF67FF600A7E460( &_v104);
                                                				_t95 = _v28;
                                                				goto 0xa895b1;
                                                				E00007FF67FF600A7A260(_t95);
                                                				r8d = 0xf003f;
                                                				OpenSCManagerW(??, ??, ??);
                                                				_v64 = _t95;
                                                				if (_v64 == 0) goto 0xa89591;
                                                				r8d = 0xf01ff;
                                                				_t69 = OpenServiceW(??, ??, ??);
                                                				_v40 = _t95;
                                                				if (_v40 == 0) goto 0xa89451;
                                                				E00007FF67FF600A7F640(_t69,  &_v104);
                                                				r9d = 0;
                                                				_v56 = E00007FF67FF600A89070(_t95, _a8, _t95, _a32);
                                                				GetLastError();
                                                				_v32 = _t95;
                                                				_t73 = CloseServiceHandle(??);
                                                				SetLastError(??);
                                                				goto 0xa894f2;
                                                				E00007FF67FF600A7F640(_t73,  &_v104);
                                                				_v120 = 0;
                                                				_v128 = 0;
                                                				_v136 = 0;
                                                				_v144 = 0;
                                                				_v152 = 0;
                                                				_v160 = _t95;
                                                				_v168 = 1;
                                                				_v176 = 1;
                                                				_v184 = 1;
                                                				r9d = 0x1f01ff;
                                                				CreateServiceW(??, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??);
                                                				_v40 = _t95;
                                                				if (_v40 == 0) goto 0xa894f2;
                                                				_v56 = 1;
                                                				CloseServiceHandle(??);
                                                				GetLastError();
                                                				_v32 = _t95;
                                                				CloseServiceHandle(??);
                                                				SetLastError(??);
                                                				_t96 = _v56 & 0x000000ff;
                                                				if (_t96 == 0) goto 0xa89591;
                                                				_t79 = E00007FF67FF600A8E0B0(_t83, _t96, _t96, _a8);
                                                				if (_t96 == 0) goto 0xa89544;
                                                				_v20 = 1;
                                                				goto 0xa8954f;
                                                				_v20 = 0;
                                                				_v56 = _t79;
                                                				_t98 = _v56 & 0x000000ff;
                                                				if (_t98 != 0) goto 0xa89591;
                                                				GetLastError();
                                                				_v32 = _t98;
                                                				E00007FF67FF600A895C0(_t83, _t98, _t98, _a8);
                                                				SetLastError(??);
                                                				_v24 = _v56 & 0x000000ff;
                                                				return E00007FF67FF600A7E460( &_v104);
                                                			}
































                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Service$ErrorLast$Open$CloseConfigHandleQuery$Manager$AllocChangeCreateLocalStartStatus
                                                • String ID:
                                                • API String ID: 458694468-0
                                                • Opcode ID: 694c86c91c267e9a9d41eb1789851dd97a603c32f6a92677cce72a11fcbea06c
                                                • Instruction ID: b369e09e85fd5d6217a8bb60a7445986df4f853e417c86aadd90f69ea50525bc
                                                • Opcode Fuzzy Hash: 694c86c91c267e9a9d41eb1789851dd97a603c32f6a92677cce72a11fcbea06c
                                                • Instruction Fuzzy Hash: 5E61D532A0CBC196E7709B21E4543ABB7A0FB85744F244535DA8E86BAEDF7DD448CB01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLastService$CloseHandleOpen$DeleteManager
                                                • String ID:
                                                • API String ID: 325488369-0
                                                • Opcode ID: 3daa4005f3406cc6f921de684798b1a64b48edfc3fb0e494b9136c63ee69a029
                                                • Instruction ID: a9426b2bf382c18006e902253bac11803956a3da11053025d2b2a1c1d0feb1ca
                                                • Opcode Fuzzy Hash: 3daa4005f3406cc6f921de684798b1a64b48edfc3fb0e494b9136c63ee69a029
                                                • Instruction Fuzzy Hash: 47212C3292C68196D3609B21E84433ABB60FB85795F245135FA8F82BADDF7DE548CF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 52%
                                                			E00007FF67FF600AF1440(void* __ecx, long long* __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, long long _a8, void* _a16, long long _a24, intOrPtr _a26, long long _a32) {
                                                				long long _v72;
                                                				intOrPtr _v80;
                                                				intOrPtr* _v88;
                                                				long long _v96;
                                                				long long _v104;
                                                				void* _t34;
                                                				signed long long _t59;
                                                				signed long long _t62;
                                                				long long _t64;
                                                				long long _t65;
                                                				long long _t66;
                                                				long long _t74;
                                                				void* _t79;
                                                				void* _t86;
                                                				long long _t102;
                                                				signed long long _t109;
                                                				intOrPtr _t126;
                                                				void* _t128;
                                                				void* _t129;
                                                				signed long long _t132;
                                                				intOrPtr* _t133;
                                                				intOrPtr* _t138;
                                                
                                                				_a8 = __rbx;
                                                				_a16 = __rdx;
                                                				if (__rdx != 0) goto 0xaf147c;
                                                				E00007FF67FF600AE8D04(__rax);
                                                				 *__rax = 0x16;
                                                				_t34 = E00007FF67FF600ACE12C();
                                                				goto 0xaf161c;
                                                				asm("xorps xmm0, xmm0");
                                                				 *((long long*)(__rdx)) = 0;
                                                				_t59 =  *((intOrPtr*)(__rcx));
                                                				asm("movdqu [ebp-0x20], xmm0");
                                                				_v72 = 0;
                                                				if (_t59 == 0) goto 0xaf14e9;
                                                				_a24 = 0x3f2a;
                                                				_a26 = dil;
                                                				E00007FF67FF600AFF790();
                                                				if (_t59 != 0) goto 0xaf14c1;
                                                				r8d = 0;
                                                				0xaf1a18();
                                                				goto 0xaf14cd;
                                                				0xaf1d2c();
                                                				if (_t59 != 0) goto 0xaf14dc;
                                                				goto 0xaf148e;
                                                				goto 0xaf15e1;
                                                				_t138 = _v88;
                                                				_t126 = _v80;
                                                				_a24 = 0;
                                                				_t62 = _t126 - _t138;
                                                				_t132 = (_t62 >> 3) + 1;
                                                				_t86 =  >  ? 0 : _t62 + 7 >> 3;
                                                				_t109 = _t59 | 0xffffffff;
                                                				if (_t86 == 0) goto 0xaf154b;
                                                				_t64 = _t109 + 1;
                                                				if ( *((intOrPtr*)( *_t138 + _t64)) != dil) goto 0xaf152c;
                                                				if (1 != _t86) goto 0xaf1526;
                                                				_a24 = 1;
                                                				r8d = 1;
                                                				E00007FF67FF600AE2E2C(_t34, _t132, 1 + _t64, 1);
                                                				_t74 = _t64;
                                                				if (_t64 == 0) goto 0xaf15da;
                                                				_t102 = _t64 + _t132 * 8;
                                                				_t133 = _t138;
                                                				_v96 = _t102;
                                                				_t65 = _t102;
                                                				_a32 = _t102;
                                                				if (_t138 == _t126) goto 0xaf15d1;
                                                				_v104 = _t74 - _t138;
                                                				_t128 = _t109 + 1;
                                                				if ( *((intOrPtr*)( *_t133 + _t128)) != dil) goto 0xaf158b;
                                                				_t129 = _t128 + 1;
                                                				E00007FF67FF600AFF618(_t65, _t74, _t65, _t102 - _t65 + _a24,  *_t133, _t129);
                                                				if (_t65 != 0) goto 0xaf1634;
                                                				_t66 = _a32;
                                                				 *((long long*)(_v104 + _t133)) = _t66;
                                                				_a32 = _t66 + _t129;
                                                				if (_t133 + 8 != _t126) goto 0xaf1585;
                                                				 *_a16 = _t74;
                                                				E00007FF67FF600AE8E1C(_a16, 0);
                                                				_t79 =  >  ? 0 : _t126 - _t138 + 7 >> 3;
                                                				if (_t79 == 0) goto 0xaf1612;
                                                				E00007FF67FF600AE8E1C(_a16,  *_t138);
                                                				if (1 != _t79) goto 0xaf15fe;
                                                				return E00007FF67FF600AE8E1C(_a16, _t138);
                                                			}

                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CurrentFeaturePresentProcessProcessor
                                                • String ID: *?
                                                • API String ID: 1010374628-2564092906
                                                • Opcode ID: 6e229128aafec0b797f58bc2a5d2e59209762b13775a7aee2de24d0b4805e30f
                                                • Instruction ID: f0a45399dfb07f29b3d51d32054c048848bc22cffb9377d53e9e44bfdfe67edc
                                                • Opcode Fuzzy Hash: 6e229128aafec0b797f58bc2a5d2e59209762b13775a7aee2de24d0b4805e30f
                                                • Instruction Fuzzy Hash: 1BF12763B58A96D1EF20DFA298005BA63A8FB44BD4F644535DE4E87B8AEF3CD441C700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 31%
                                                			E00007FF67FF600AA66D8(void* __ecx, void* __rax, long long __rbx) {
                                                				void* _t35;
                                                				void* _t36;
                                                				long _t40;
                                                				signed int _t42;
                                                				void* _t45;
                                                				void* _t50;
                                                				long long _t54;
                                                				long long _t56;
                                                				struct _EXCEPTION_POINTERS** _t61;
                                                				void* _t74;
                                                				void* _t79;
                                                				void* _t81;
                                                				void* _t82;
                                                				void* _t84;
                                                
                                                				_t50 = __rax;
                                                				 *((long long*)(_t81 + 8)) = __rbx;
                                                				_t79 = _t81 - 0x4c0;
                                                				_t82 = _t81 - 0x5c0;
                                                				asm("push es");
                                                				 *((intOrPtr*)(_t79 - 0x74fb8b40)) =  *((intOrPtr*)(_t79 - 0x74fb8b40)) + _t35;
                                                				asm("retf");
                                                				asm("int 0x29");
                                                				asm("ror byte [eax-0x73], cl");
                                                				asm("dec ebp");
                                                				_t36 = E00007FF67FF600AA7EF0(_t35, _t45, 0x3, _t74, _t84);
                                                				__imp__RtlCaptureContext();
                                                				r8d = 0;
                                                				__imp__RtlLookupFunctionEntry();
                                                				if (_t50 == 0) goto 0xaa6782;
                                                				 *(_t82 + 0x38) =  *(_t82 + 0x38) & 0x00000000;
                                                				 *((long long*)(_t82 + 0x30)) = _t79 + 0x4e0;
                                                				 *((long long*)(_t82 + 0x28)) = _t79 + 0x4e8;
                                                				 *((long long*)(_t82 + 0x20)) = _t79 - 0x10;
                                                				__imp__RtlVirtualUnwind();
                                                				 *((long long*)(_t79 + 0xe8)) =  *((intOrPtr*)(_t79 + 0x4c8));
                                                				r8d = 0x98;
                                                				 *((long long*)(_t79 + 0x88)) = _t79 + 0x4d0;
                                                				E00007FF67FF600AA7EF0(_t36, _t45, _t82 + 0x50, 0,  *((intOrPtr*)(_t79 + 0xe8)));
                                                				_t54 =  *((intOrPtr*)(_t79 + 0x4c8));
                                                				 *((long long*)(_t82 + 0x60)) = _t54;
                                                				 *((long long*)(_t82 + 0x50)) = 0x40000015;
                                                				 *((long long*)(_t82 + 0x54)) = 1;
                                                				IsDebuggerPresent();
                                                				 *((long long*)(_t82 + 0x40)) = _t82 + 0x50;
                                                				_t56 = _t79 - 0x10;
                                                				 *((long long*)(_t82 + 0x48)) = _t56;
                                                				SetUnhandledExceptionFilter(??);
                                                				_t40 = UnhandledExceptionFilter( *_t61);
                                                				if (_t56 != 0) goto 0xaa6812;
                                                				if ((_t42 & 0xffffff00 | _t54 == 0x00000001) != 0) goto 0xaa6812;
                                                				return E00007FF67FF600AA66D0(_t40);
                                                			}

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                • String ID:
                                                • API String ID: 3140674995-0
                                                • Opcode ID: e1f81e30b322fb6d79e3ae1c10ae84bde1791f26c5e1219e1152c48b85fbc4c7
                                                • Instruction ID: cef1ebcfc142effb2661c2497055f8b6fedac726fe2e8dd3771bb12e0f363070
                                                • Opcode Fuzzy Hash: e1f81e30b322fb6d79e3ae1c10ae84bde1791f26c5e1219e1152c48b85fbc4c7
                                                • Instruction Fuzzy Hash: 22318173A18B8196EB608F60E8503ED7364FB95744F54443ADA4E87B99EF3CD648C710
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLastService$CloseCreateHandleManagerOpen
                                                • String ID:
                                                • API String ID: 137349285-0
                                                • Opcode ID: 6aae68bf8b8692e7dbd4de79380603286136b64a94067211cc39150b127bb3b4
                                                • Instruction ID: 961ad50a2c192bde5117b7530c7cd9bcb1590b7d7dd54bde370f3935f2d6f0f7
                                                • Opcode Fuzzy Hash: 6aae68bf8b8692e7dbd4de79380603286136b64a94067211cc39150b127bb3b4
                                                • Instruction Fuzzy Hash: 4F21107194CB82A7E7108F51F950139B7A4FF4A790F304139D98E82BA8DF3EB0988B04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 68%
                                                			E00007FF67FF600AF8D24(void* __ecx, void* __edx, long long __rcx, intOrPtr* __rdx, intOrPtr* __r8, void* __r9) {
                                                				signed int _v72;
                                                				long long _v80;
                                                				long long _v84;
                                                				signed int _v88;
                                                				void* __rbx;
                                                				void* __rsi;
                                                				void* __rbp;
                                                				int _t60;
                                                				void* _t62;
                                                				intOrPtr _t65;
                                                				void* _t66;
                                                				void* _t67;
                                                				void* _t68;
                                                				signed long long _t93;
                                                				signed long long _t94;
                                                				intOrPtr* _t96;
                                                				intOrPtr* _t97;
                                                				intOrPtr* _t98;
                                                				intOrPtr* _t99;
                                                				intOrPtr* _t100;
                                                				long long _t101;
                                                				signed long long _t102;
                                                				intOrPtr* _t103;
                                                				void* _t105;
                                                				intOrPtr* _t106;
                                                				signed long long _t115;
                                                				signed long long _t117;
                                                				intOrPtr _t130;
                                                				intOrPtr _t132;
                                                				intOrPtr* _t143;
                                                				void* _t144;
                                                				signed long long _t145;
                                                				void* _t148;
                                                				void* _t155;
                                                				long long _t156;
                                                				intOrPtr* _t158;
                                                
                                                				_t155 = __r9;
                                                				_t108 = __rcx;
                                                				_t67 = __edx;
                                                				_t66 = __ecx;
                                                				_t93 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_t94 = _t93 ^ _t148 - 0x00000040;
                                                				_v72 = _t94;
                                                				_t143 = __r8;
                                                				_t158 = __rdx;
                                                				_t156 = __rcx;
                                                				E00007FF67FF600AEA310(_t94, _t105, __rcx, __rdx, _t144, __r9);
                                                				_t145 = _t94;
                                                				_v88 = 0;
                                                				_v80 = 0;
                                                				E00007FF67FF600AEA310(0, _t105, _t108, __rdx, _t145, __r9);
                                                				r12d = 0;
                                                				_t5 = _t145 + 0xa0; // 0xa0
                                                				_t106 = _t5;
                                                				 *0x000003A0 =  &_v88;
                                                				_t96 = _t156 + 0x80;
                                                				 *((long long*)(_t145 + 0x98)) = _t156;
                                                				 *_t106 = _t96;
                                                				if (_t96 == 0) goto 0xaf8dab;
                                                				if ( *_t96 == r12w) goto 0xaf8dab;
                                                				_t130 =  *0xb15450; // 0x17
                                                				E00007FF67FF600AF8CA4(_t67, _t106, 0xb152e0, _t145, _t148, _t106);
                                                				_v88 = r12d;
                                                				_t97 =  *((intOrPtr*)(_t145 + 0x98));
                                                				if (_t97 == 0) goto 0xaf8e34;
                                                				if ( *_t97 == r12w) goto 0xaf8e34;
                                                				_t98 =  *_t106;
                                                				if (_t98 == 0) goto 0xaf8dda;
                                                				if ( *_t98 == r12w) goto 0xaf8dda;
                                                				E00007FF67FF600AF85F0(_t66, _t67, _t98, _t106,  &_v88, _t130 - 1, _t106, __r9);
                                                				goto 0xaf8de3;
                                                				E00007FF67FF600AF86C0(_t66, _t67, _t98, _t106,  &_v88, _t130 - 1, _t106);
                                                				if (_v88 != r12d) goto 0xaf8eaa;
                                                				_t132 =  *0xb152d0; // 0x41
                                                				_t14 = _t145 + 0x98; // 0x98
                                                				if (E00007FF67FF600AF8CA4(_t67, _t106, 0xb14ec0, _t145, _t148, _t14) == 0) goto 0xaf8ea0;
                                                				_t99 =  *_t106;
                                                				if (_t99 == 0) goto 0xaf8e29;
                                                				if ( *_t99 == r12w) goto 0xaf8e29;
                                                				E00007FF67FF600AF85F0(_t66, _t67, _t99, _t106,  &_v88, _t132 - 1, _t14, __r9);
                                                				goto 0xaf8ea0;
                                                				_t115 =  &_v88;
                                                				E00007FF67FF600AF86C0(_t66, _t67, _t99, _t106, _t115, _t132 - 1, _t14);
                                                				goto 0xaf8ea0;
                                                				_t100 =  *_t106;
                                                				if (_t100 == 0) goto 0xaf8e8d;
                                                				if ( *_t100 == r12w) goto 0xaf8e8d;
                                                				E00007FF67FF600AEA310(_t100, _t106, _t115, _t132 - 1, _t145, __r9);
                                                				_t101 =  *((intOrPtr*)(_t100 + 0xa0));
                                                				_t117 = (_t115 | 0xffffffff) + 1;
                                                				if ( *((intOrPtr*)(_t101 + _t117 * 2)) != r12w) goto 0xaf8e55;
                                                				 *((long long*)(_t100 + 0xb4)) = _t101;
                                                				 *_t101 =  *_t101 + (r12d & 0xffffff00 | _t117 == 0x00000003);
                                                				if ((_v88 & 0x00000004) != 0) goto 0xaf8ea0;
                                                				_v88 = r12d;
                                                				goto 0xaf8ea0;
                                                				_v88 = 0x104;
                                                				GetUserDefaultLCID();
                                                				_v80 = _t101;
                                                				_v84 = _t101;
                                                				if (_v88 == r12d) goto 0xaf8f85;
                                                				_t102 = _t156 + 0x100;
                                                				asm("dec eax");
                                                				E00007FF67FF600AF8B24(_t106, 0x7ff600af8484 & _t102,  &_v88, _t145);
                                                				if (_t102 == 0) goto 0xaf8f85;
                                                				_t60 = IsValidCodePage(??);
                                                				if (_t102 == 0) goto 0xaf8f85;
                                                				 *_t102 =  *_t102 + _t60;
                                                				if (_t102 == 0) goto 0xaf8f85;
                                                				if (_t158 == 0) goto 0xaf8efc;
                                                				 *_t158 = _t65;
                                                				_t36 = _t145 + 0x2f0; // 0x2f0
                                                				r9d = 0;
                                                				_t37 = _t155 + 0x55; // 0x55
                                                				_t68 = _t37;
                                                				r8d = _t68;
                                                				E00007FF67FF600AED5A0(_t66, _t158, _t102, _t102, _t36, _t145, _t148);
                                                				if (_t143 == 0) goto 0xaf8f7e;
                                                				r9d = 0;
                                                				r8d = _t68;
                                                				_t62 = E00007FF67FF600AED5A0(_t66, _t143, _t102, _t102, _t143 + 0x120, _t145, _t148);
                                                				_t103 = _t143;
                                                				 *_t103 =  *_t103 + _t62;
                                                				if (_t103 == 0) goto 0xaf8f85;
                                                				r9d = _t68;
                                                				 *_t103 =  *_t103 + _t62;
                                                				if (_t103 == 0) goto 0xaf8f85;
                                                				r9d = 0x4cce8b440000000a;
                                                				r8d = 0x4cce8b4400000010;
                                                				return E00007FF67FF600AA5980(E00007FF67FF600B00EB0(_t66), _t66, _v72 ^ _t148 - 0x00000040);
                                                			}

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Locale$ErrorInfoLastValid$CodeDefaultEnumLocalesPageSystemUser
                                                • String ID:
                                                • API String ID: 2746600977-0
                                                • Opcode ID: b4c519383c6ccbb6aa9fcd308cb6c0e38ed246677aa1d5ece084019abede20fd
                                                • Instruction ID: 1ff018bfe563279ae3197639158002aa4f36abf3d58ec87038f9739e0c8a55da
                                                • Opcode Fuzzy Hash: b4c519383c6ccbb6aa9fcd308cb6c0e38ed246677aa1d5ece084019abede20fd
                                                • Instruction Fuzzy Hash: F5715B23F58642AAFB509BA4D8506BD23A9BF49B44F644035CA0E8779AEF3DE845C350
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 65%
                                                			E00007FF67FF600ACDEE4(void* __ecx, void* __edx, long long __rbx, long long __rdx, long long __rsi, void* __r8) {
                                                				void* _t36;
                                                				void* _t37;
                                                				void* _t38;
                                                				long _t42;
                                                				signed long long _t54;
                                                				long long _t57;
                                                				long long _t61;
                                                				void* _t65;
                                                				_Unknown_base(*)()* _t84;
                                                				void* _t90;
                                                				void* _t91;
                                                				void* _t93;
                                                				signed long long _t94;
                                                				struct _EXCEPTION_POINTERS* _t100;
                                                
                                                				 *((long long*)(_t93 + 0x10)) = __rbx;
                                                				 *((long long*)(_t93 + 0x18)) = __rsi;
                                                				_t91 = _t93 - 0x4f0;
                                                				_t94 = _t93 - 0x5f0;
                                                				_t54 =  *0xb2fde8; // 0xc4f55cf73642
                                                				 *(_t91 + 0x4e0) = _t54 ^ _t94;
                                                				if (_t65 == 0xffffffff) goto 0xacdf23;
                                                				_t37 = E00007FF67FF600AA66D0(_t36);
                                                				r8d = 0x98;
                                                				_t38 = E00007FF67FF600AA7EF0(_t37, __edx, _t94 + 0x70, 0, __r8);
                                                				r8d = 0x4d0;
                                                				E00007FF67FF600AA7EF0(_t38, __edx, _t91 + 0x10, 0, __r8);
                                                				 *((long long*)(_t94 + 0x48)) = _t94 + 0x70;
                                                				_t57 = _t91 + 0x10;
                                                				 *((long long*)(_t94 + 0x50)) = _t57;
                                                				__imp__RtlCaptureContext();
                                                				r8d = 0;
                                                				__imp__RtlLookupFunctionEntry();
                                                				if (_t57 == 0) goto 0xacdfb6;
                                                				 *(_t94 + 0x38) =  *(_t94 + 0x38) & 0x00000000;
                                                				 *((long long*)(_t94 + 0x30)) = _t94 + 0x58;
                                                				 *((long long*)(_t94 + 0x28)) = _t94 + 0x60;
                                                				 *((long long*)(_t94 + 0x20)) = _t91 + 0x10;
                                                				__imp__RtlVirtualUnwind();
                                                				 *((long long*)(_t91 + 0x108)) =  *((intOrPtr*)(_t91 + 0x508));
                                                				 *((long long*)(_t94 + 0x70)) = __rdx;
                                                				 *((long long*)(_t91 + 0xa8)) = _t91 + 0x510;
                                                				_t61 =  *((intOrPtr*)(_t91 + 0x508));
                                                				 *((long long*)(_t91 - 0x80)) = _t61;
                                                				 *(_t94 + 0x74) = _t84;
                                                				IsDebuggerPresent();
                                                				SetUnhandledExceptionFilter(_t84, _t90);
                                                				_t42 = UnhandledExceptionFilter(_t100);
                                                				if (_t61 != 0) goto 0xace018;
                                                				if (_t61 != 0) goto 0xace018;
                                                				if (_t65 == 0xffffffff) goto 0xace018;
                                                				return E00007FF67FF600AA5980(E00007FF67FF600AA66D0(_t42), __ecx,  *(_t91 + 0x4e0) ^ _t94);
                                                			}

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                • String ID:
                                                • API String ID: 1239891234-0
                                                • Opcode ID: 8497bfe4c143a2f4e7d2cc787f86b38c6cbbcf9694b70631239772b193b8a064
                                                • Instruction ID: ab7766ecfaaff2c57fb4b5a16e56d5c2f80ac625a141f35d473c3d4366523420
                                                • Opcode Fuzzy Hash: 8497bfe4c143a2f4e7d2cc787f86b38c6cbbcf9694b70631239772b193b8a064
                                                • Instruction Fuzzy Hash: 2B318232A08F8196E720CF24E8406EE73A4FB85754F640136EA9D87B99DF3CD5458B40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 78%
                                                			E00007FF67FF600AF203C(long long __rbx, void* __rcx, void* __rdx, intOrPtr* __r8) {
                                                				void* __rdi;
                                                				void* __rsi;
                                                				void* __rbp;
                                                				void* __r15;
                                                				void* _t20;
                                                				void* _t33;
                                                				signed short _t34;
                                                				void* _t35;
                                                				void* _t37;
                                                				void* _t41;
                                                				signed long long _t51;
                                                				signed long long _t56;
                                                				void* _t74;
                                                				void* _t87;
                                                				void* _t92;
                                                				signed long long _t95;
                                                				void* _t97;
                                                				void* _t100;
                                                				signed long long _t101;
                                                				union _FINDEX_INFO_LEVELS _t111;
                                                				WCHAR* _t114;
                                                
                                                				 *((long long*)(_t100 + 0x20)) = __rbx;
                                                				_t101 = _t100 - 0x290;
                                                				_t51 =  *0xb2fde8; // 0xc4f55cf73642
                                                				 *(_t101 + 0x280) = _t51 ^ _t101;
                                                				if (__rdx == __rcx) goto 0xaf2095;
                                                				_t37 = _t20 - 0x2f - 0x2d;
                                                				if (_t37 > 0) goto 0xaf208c;
                                                				asm("dec ecx");
                                                				if (_t37 < 0) goto 0xaf2095;
                                                				_t74 = __rdx - 2;
                                                				if (_t74 != __rcx) goto 0xaf2076;
                                                				if (_t33 != 0x3a) goto 0xaf20bc;
                                                				if (_t74 == __rcx + 2) goto 0xaf20bc;
                                                				r8d = 0;
                                                				E00007FF67FF600AF1BA0(__rbx, __rcx, 0, _t92, 0x801, __r8);
                                                				goto 0xaf21b0;
                                                				_t34 = _t33 - 0x2f;
                                                				_t41 = _t34 - 0x2d;
                                                				if (_t41 > 0) goto 0xaf20d3;
                                                				_t56 = _t34 & 0x0000ffff;
                                                				asm("dec ecx");
                                                				if (_t41 < 0) goto 0xaf20d6;
                                                				 *((long long*)(_t101 + 0x28)) = 0;
                                                				 *((long long*)(_t101 + 0x20)) = 0;
                                                				asm("dec ebp");
                                                				r9d = 0;
                                                				FindFirstFileExW(_t114, _t111, _t87);
                                                				if (_t56 != 0xffffffff) goto 0xaf2123;
                                                				r8d = 0;
                                                				E00007FF67FF600AF1BA0(_t56, __rcx, 0, _t92, _t101 + 0x30, __r8);
                                                				goto 0xaf21ae;
                                                				_t95 =  *((intOrPtr*)(__r8 + 8)) -  *__r8 >> 3;
                                                				if ( *((short*)(_t101 + 0x5c)) != 0x2e) goto 0xaf214c;
                                                				if ( *((intOrPtr*)(_t101 + 0x5e)) == _t35) goto 0xaf2163;
                                                				if ( *((short*)(_t101 + 0x5e)) != 0x2e) goto 0xaf214c;
                                                				if ( *((intOrPtr*)(_t101 + 0x60)) == _t35) goto 0xaf2163;
                                                				E00007FF67FF600AF1BA0(_t56, _t101 + 0x5c, __rcx, _t95, _t114 & (0 - __rcx >> 0x00000001) + 0x00000001, __r8);
                                                				if (_t56 != 0) goto 0xaf21a3;
                                                				FindNextFileW(_t92);
                                                				if (_t56 != 0) goto 0xaf212e;
                                                				if (_t95 ==  *((intOrPtr*)(__r8 + 8)) -  *__r8 >> 3) goto 0xaf21a5;
                                                				r8d = 8;
                                                				E00007FF67FF600AFF1B0(_t56,  *__r8 + _t95 * 8, ( *((intOrPtr*)(__r8 + 8)) -  *__r8 >> 3) - _t95, _t56, _t95, __rcx, _t114 & (0 - __rcx >> 0x00000001) + 0x00000001, 0x7ff600af0e0c, _t114 & (0 - __rcx >> 0x00000001) + 0x00000001);
                                                				goto 0xaf21a5;
                                                				return E00007FF67FF600AA5980(FindClose(_t97), _t34,  *(_t101 + 0x280) ^ _t101);
                                                			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Find$File$CloseFirstNext
                                                • String ID: .$.
                                                • API String ID: 3541575487-3769392785
                                                • Opcode ID: b65a878436f45092d17a024fa8a0c4bc75524cd139b83ec961511095a8e9f6a9
                                                • Instruction ID: fe7759cf1146cb6a9bdc09b99d59781b94f2fe4c9e7f26b2b7f8ec3a29a5e49d
                                                • Opcode Fuzzy Hash: b65a878436f45092d17a024fa8a0c4bc75524cd139b83ec961511095a8e9f6a9
                                                • Instruction Fuzzy Hash: 1D413B63F5954264FA609FA2A8043BAA395EB84BE0F648131DE0D877CEDE7CD8418708
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00007FF67FF600AF8B24(long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rsi, intOrPtr* _a8, long long _a16, long long _a24) {
                                                				void* _t13;
                                                				void* _t14;
                                                				void* _t16;
                                                				intOrPtr* _t24;
                                                				intOrPtr* _t25;
                                                
                                                				_a16 = __rbx;
                                                				_a24 = __rsi;
                                                				if (__rcx == 0) goto 0xaf8b93;
                                                				if ( *__rcx == _t16) goto 0xaf8b93;
                                                				E00007FF67FF600ACF9F4( *__rcx - _t16, __rcx, L"ACP");
                                                				if (_t24 == 0) goto 0xaf8b93;
                                                				_t13 = E00007FF67FF600ACF9F4(_t24, __rcx, L"OCP");
                                                				if (_t24 != 0) goto 0xaf8b89;
                                                				r9d = 2;
                                                				 *_t24 =  *_t24 + _t13;
                                                				if (_t24 == 0) goto 0xaf8bb0;
                                                				_t25 = _a8;
                                                				goto 0xaf8bc2;
                                                				_t14 = E00007FF67FF600AE89E8(__rcx);
                                                				goto 0xaf8bc2;
                                                				r9d = 2;
                                                				 *_t25 =  *_t25 + _t14;
                                                				if (_t25 != 0) goto 0xaf8bb4;
                                                				goto 0xaf8bc2;
                                                				if (_a8 != 0) goto 0xaf8bc2;
                                                				return GetACP();
                                                			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: InfoLocale
                                                • String ID: ACP$OCP
                                                • API String ID: 2299586839-711371036
                                                • Opcode ID: 4ddad447231486cf4e7122d5156d7c2c668d997a7a39ba504edd20a3ff8f8023
                                                • Instruction ID: b4878b1873a586714f24d73209a5d4e981e6174d6c2d1b4b8ed1d89cb598aa37
                                                • Opcode Fuzzy Hash: 4ddad447231486cf4e7122d5156d7c2c668d997a7a39ba504edd20a3ff8f8023
                                                • Instruction Fuzzy Hash: 7C115162B4C643A2FA649B91E94057E6368FF45784F645431DA4EC374EDF2CE8418740
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 72%
                                                			E00007FF67FF600AFD384(void* __eax, signed int __edx, void* __edi, void* __eflags, long long __rbx, long long __rcx, void* __rdx, signed char* __r8, long long __r11) {
                                                				void* __rsi;
                                                				void* __rbp;
                                                				signed int _t188;
                                                				signed int _t198;
                                                				long _t205;
                                                				signed char _t213;
                                                				signed int _t216;
                                                				signed long long _t256;
                                                				long long _t261;
                                                				signed long long _t263;
                                                				long long _t267;
                                                				void* _t268;
                                                				signed int _t270;
                                                				void* _t271;
                                                				long long _t273;
                                                				signed int _t277;
                                                				long long _t280;
                                                				long long _t284;
                                                				long long _t288;
                                                				signed int _t294;
                                                				long long _t322;
                                                				intOrPtr _t333;
                                                				void* _t342;
                                                				void* _t343;
                                                				void* _t345;
                                                				intOrPtr* _t346;
                                                				long _t348;
                                                				void* _t352;
                                                				char _t355;
                                                				void* _t356;
                                                				void* _t357;
                                                				void* _t359;
                                                				DWORD* _t362;
                                                				void* _t363;
                                                				void* _t365;
                                                				signed long long _t366;
                                                				void* _t375;
                                                				intOrPtr _t379;
                                                				void* _t391;
                                                				signed long long _t393;
                                                				void* _t395;
                                                				long long _t396;
                                                				intOrPtr _t397;
                                                				void* _t400;
                                                				signed long long _t401;
                                                				void* _t403;
                                                
                                                				_t388 = __r11;
                                                				_t280 = __rbx;
                                                				 *((long long*)(_t365 + 8)) = __rbx;
                                                				_t363 = _t365 - 0x27;
                                                				_t366 = _t365 - 0x100;
                                                				_t256 =  *0xb2fde8; // 0xc4f55cf73642
                                                				 *(_t363 + 0x17) = _t256 ^ _t366;
                                                				 *((long long*)(_t363 - 9)) = __rcx;
                                                				 *(_t363 - 0x11) = __edx;
                                                				r13d = r9d;
                                                				_t396 = _t395 + __r8;
                                                				 *((long long*)(_t363 - 0x21)) = __r8;
                                                				 *((long long*)(_t363 - 0x51)) = _t396;
                                                				_t393 = __edx >> 6;
                                                				_t401 = (__edx & 0x0000003f) + (__edx & 0x0000003f) * 8;
                                                				_t261 =  *((intOrPtr*)( *((intOrPtr*)(0x7ff600a70000 + 0xc6360 + _t393 * 8)) + 0x28 + _t401 * 8));
                                                				 *((long long*)(_t363 - 0x49)) = _t261;
                                                				GetConsoleOutputCP();
                                                				 *((long long*)(_t363 - 0x59)) = _t261;
                                                				E00007FF67FF600ABD240(_t261, __rbx, _t366 + 0x50, 0, __edx, _t403);
                                                				_t294 =  *((intOrPtr*)(_t366 + 0x58));
                                                				r11d = 0;
                                                				 *(_t363 - 0x69) = r11d;
                                                				 *((long long*)(_t363 - 0x65)) = _t280;
                                                				_t322 =  *((intOrPtr*)(_t294 + 0xc));
                                                				 *(_t366 + 0x40) = _t294;
                                                				 *((long long*)(_t363 - 0x55)) = _t322;
                                                				if (__r8 - _t396 >= 0) goto 0xafd815;
                                                				_t263 = __edx >> 6;
                                                				 *(_t363 - 0x19) = _t263;
                                                				r15d = 1;
                                                				 *((char*)(_t366 + 0x44)) =  *__r8;
                                                				 *(_t366 + 0x48) = r11d;
                                                				if (_t322 != 0xfde9) goto 0xafd5ce;
                                                				_t216 = r11d;
                                                				_t379 =  *((intOrPtr*)(0x7ff600a70000 + 0xc6360 + _t263 * 8));
                                                				if ( *((intOrPtr*)(_t379 + _t401 * 8 + __r11 + 0x3e)) == r11b) goto 0xafd489;
                                                				_t352 = __r11 + 1;
                                                				if (_t352 - 5 < 0) goto 0xafd477;
                                                				if (_t352 <= 0) goto 0xafd572;
                                                				r15d =  *((char*)(_t294 + 0x7ff600b30720));
                                                				r15d = r15d + 1;
                                                				r13d = r15d;
                                                				r13d = r13d - _t216;
                                                				if (r13d -  *((intOrPtr*)(_t363 - 0x51)) - __r8 > 0) goto 0xafd73d;
                                                				 *((char*)(_t363 - 1 + __r11)) =  *((intOrPtr*)(_t363 - 1 + __r11 + _t379 - _t363 - 1 + _t401 * 8 + 0x3e));
                                                				if (__r11 + 1 - _t352 < 0) goto 0xafd4d3;
                                                				if (r13d <= 0) goto 0xafd503;
                                                				E00007FF67FF600AA7840();
                                                				r11d = 0;
                                                				 *((intOrPtr*)( *((intOrPtr*)(0x7ff600a70000 + 0xc6360 + _t393 * 8)) + __r11 + 0x3e + _t401 * 8)) = r11b;
                                                				if (__r11 + 1 - _t352 < 0) goto 0xafd50d;
                                                				_t267 = _t363 - 1;
                                                				 *((long long*)(_t363 - 0x41)) = __r11;
                                                				 *((long long*)(_t363 - 0x39)) = _t267;
                                                				_t188 = r11d & 0xffffff00 | r15d == 0x00000004;
                                                				_t268 = _t267 + 1;
                                                				r8d = _t188;
                                                				r15d = _t188;
                                                				E00007FF67FF600AF98E8(_t268, _t280, _t366 + 0x48, _t363 - 0x39, 0x7ff600a70000, _t363 - 0x41);
                                                				if (_t268 == 0xffffffff) goto 0xafd636;
                                                				_t397 =  *((intOrPtr*)(_t363 - 0x51));
                                                				goto 0xafd658;
                                                				_t355 =  *((char*)(( *__r8 & 0x000000ff) + 0x7ff600b30720));
                                                				_t270 =  *( *((intOrPtr*)(0x7ff600a70000 + 0xc6360 + _t393 * 8)) + 0x3e + _t401 * 8) & 0x000000ff;
                                                				if (_t270 - _t397 - __r8 > 0) goto 0xafd777;
                                                				 *((long long*)(_t363 - 0x31)) = __r11;
                                                				 *((long long*)(_t363 - 0x29)) = __r8;
                                                				_t271 = _t270 + 1;
                                                				r8d = r11d & 0xffffff00 | _t355 + 0x00000001 == 0x00000004;
                                                				E00007FF67FF600AF98E8(_t271, _t271, _t366 + 0x48, _t363 - 0x29, 0x7ff600a70000, _t363 - 0x31);
                                                				if (_t271 == 0xffffffff) goto 0xafd636;
                                                				_t356 = _t355 + __r8;
                                                				r15d = r11d;
                                                				goto 0xafd658;
                                                				_t333 =  *((intOrPtr*)(0x7ff600a70000 + 0xc6360 + _t393 * 8));
                                                				_t213 =  *(_t333 + 0x3d + _t401 * 8);
                                                				if ((_t213 & 0x00000004) == 0) goto 0xafd602;
                                                				 *((char*)(_t363 + 7)) =  *((intOrPtr*)(_t333 + 0x3e + _t401 * 8));
                                                				 *(_t333 + 0x3d + _t401 * 8) = _t213 & 0x000000fb;
                                                				 *((char*)(_t363 + 8)) =  *__r8;
                                                				goto 0xafd621;
                                                				E00007FF67FF600AEBF70(_t213 & 0x000000fb, _t216, 0x7ff600a70000, _t271, _t366 + 0x48, _t363 + 7, _t356, _t363 - 0x31);
                                                				if ( *((intOrPtr*)(0x7ff600a70000 + ( *__r8 & 0x000000ff) * 2)) - _t216 >= 0) goto 0xafd63f;
                                                				_t357 = _t356 + 1;
                                                				if (_t357 - _t397 >= 0) goto 0xafd7d0;
                                                				r8d = 2;
                                                				E00007FF67FF600AE9744(_t213 & 0x000000fb, _t216, _t357 - _t397, 0x7ff600a70000, _t271, _t366 + 0x48, 0x7ff600a70000, _t400);
                                                				if (0x7ff600a70000 != 0xffffffff) goto 0xafd658;
                                                				goto 0xafd7ca;
                                                				_t198 = E00007FF67FF600AE9744(_t213 & 0x000000fb, _t216,  *((char*)(_t363 - 0x71)), 0x7ff600a70000, _t271, _t366 + 0x48, 0x7ff600a70000, _t395);
                                                				if (0x7ff600a70000 == 0xffffffff) goto 0xafd807;
                                                				_t273 = _t363 + 0xf;
                                                				_t375 = _t366 + 0x48;
                                                				 *((long long*)(_t366 + 0x38)) = 0;
                                                				_t345 = _t357 + 1;
                                                				 *((long long*)(_t366 + 0x30)) = 0;
                                                				r9d = r15d;
                                                				 *((long long*)(_t366 + 0x28)) = 5;
                                                				 *((long long*)(_t366 + 0x20)) = _t273;
                                                				E00007FF67FF600AF41F8();
                                                				if (_t273 == 0) goto 0xafd867;
                                                				r8d = _t198;
                                                				 *((long long*)(_t366 + 0x20)) = 0;
                                                				WriteFile(_t391, _t343, _t348, _t362);
                                                				r11d = 0;
                                                				if (_t273 == 0) goto 0xafd85e;
                                                				r15d =  *(_t366 + 0x40);
                                                				_t284 = _t345 -  *((intOrPtr*)(_t363 - 0x21));
                                                				 *((long long*)(_t363 - 0x65)) = _t284;
                                                				if ( *((intOrPtr*)(_t366 + 0x4c)) - _t273 < 0) goto 0xafd7c6;
                                                				if ( *((char*)(_t366 + 0x44)) != 0xa) goto 0xafd725;
                                                				_t121 = _t388 + 0xd; // 0xd
                                                				 *((short*)(_t366 + 0x44)) = _t121;
                                                				_t124 = _t388 + 1; // 0x1
                                                				r8d = _t124;
                                                				 *((long long*)(_t366 + 0x20)) = __r11;
                                                				WriteFile(??, ??, ??, ??, ??);
                                                				r11d = 0;
                                                				if (_t273 == 0) goto 0xafd7fe;
                                                				if ( *((long long*)(_t366 + 0x4c)) - 1 < 0) goto 0xafd7c6;
                                                				r15d = r15d + 1;
                                                				 *(_t366 + 0x40) = r15d;
                                                				 *((long long*)(_t363 - 0x65)) = _t284 + 1;
                                                				_t359 = _t345;
                                                				if (_t345 - _t397 >= 0) goto 0xafd811;
                                                				goto 0xafd441;
                                                				if (_t375 <= 0) goto 0xafd772;
                                                				_t346 = _t345 - _t359;
                                                				_t342 =  *((intOrPtr*)(_t363 - 0x55)) + 1;
                                                				 *((char*)( *((intOrPtr*)(0x7ff600a70000 + 0xc6360 + _t393 * 8)) + _t359 + 0x3e + _t401 * 8)) =  *((intOrPtr*)(_t346 + _t359));
                                                				if (r11d - _t375 < 0) goto 0xafd74f;
                                                				goto 0xafd7c3;
                                                				r9d = r11d;
                                                				if (_t342 <= 0) goto 0xafd7c1;
                                                				r13d = r13d & 0x0000003f;
                                                				r9d = r9d + 1;
                                                				 *((char*)( *((intOrPtr*)(0x7ff600a70000 + 0xc6360 + ( *(_t363 - 0x11) >> 6) * 8)) + __r11 + 0x3e + ( *(_t363 - 0x11) * 8 +  *(_t363 - 0x11)) * 8)) =  *((intOrPtr*)(__r11 + _t346));
                                                				if (r9d - _t342 < 0) goto 0xafd79c;
                                                				r11d = 0;
                                                				_t288 =  *((intOrPtr*)(_t363 - 0x65)) + _t342;
                                                				 *((long long*)(_t363 - 0x65)) = _t288;
                                                				goto 0xafd819;
                                                				 *((long long*)(_t363 - 0x65)) = _t288 + 1;
                                                				 *( *((intOrPtr*)(0x7ff600a70000 + 0xc6360 + _t393 * 8)) + 0x3e + _t401 * 8) =  *_t346;
                                                				_t277 =  *((intOrPtr*)(0x7ff600a70000 + 0xc6360 + _t393 * 8));
                                                				 *(_t277 + 0x3d + _t401 * 8) =  *(_t277 + 0x3d + _t401 * 8) | 0x00000004;
                                                				goto 0xafd7ca;
                                                				_t205 = GetLastError();
                                                				 *(_t363 - 0x69) = _t277;
                                                				goto 0xafd819;
                                                				if ( *((intOrPtr*)(_t363 - 0x71)) == r11b) goto 0xafd827;
                                                				 *( *((intOrPtr*)(_t366 + 0x50)) + 0x3a8) =  *( *((intOrPtr*)(_t366 + 0x50)) + 0x3a8) & 0xfffffffd;
                                                				asm("movsd xmm0, [ebp-0x69]");
                                                				asm("movsd [eax], xmm0");
                                                				 *((long long*)( *((intOrPtr*)(_t363 - 9)) + 8)) =  *(_t366 + 0x40);
                                                				return E00007FF67FF600AA5980(_t205, _t213 & 0x000000fb,  *(_t363 + 0x17) ^ _t366);
                                                			}

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorFileLastWrite$ConsoleOutput
                                                • String ID:
                                                • API String ID: 1443284424-0
                                                • Opcode ID: 0a20a5601e18889074e2b78132ef7a6ab9b774673a744fe9e9c0a98aa5b33e82
                                                • Instruction ID: 4087151564e937f3b798f8b91b5158a3e93073fb53c5481d827c717983a7ca9a
                                                • Opcode Fuzzy Hash: 0a20a5601e18889074e2b78132ef7a6ab9b774673a744fe9e9c0a98aa5b33e82
                                                • Instruction Fuzzy Hash: F9E10063F18681AAE702CFA4D4401BD7BB6FB45788F244136EE4E97B9ADE38D416C740
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 70%
                                                			E00007FF67FF600AF8220(void* __ecx, void* __edx, long long __rbx, intOrPtr* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, void* __r8, signed int __r9) {
                                                				int _t45;
                                                				intOrPtr _t50;
                                                				void* _t52;
                                                				void* _t77;
                                                				intOrPtr* _t78;
                                                				intOrPtr* _t80;
                                                				intOrPtr* _t84;
                                                				intOrPtr* _t85;
                                                				intOrPtr* _t109;
                                                				intOrPtr* _t112;
                                                				long long _t115;
                                                				void* _t116;
                                                				void* _t119;
                                                				signed long long _t132;
                                                				void* _t133;
                                                				void* _t134;
                                                				int _t136;
                                                				intOrPtr* _t137;
                                                				void* _t139;
                                                				intOrPtr* _t140;
                                                
                                                				_t52 = __ecx;
                                                				_t77 = _t119;
                                                				 *((long long*)(_t77 + 8)) = __rbx;
                                                				 *((long long*)(_t77 + 0x10)) = _t115;
                                                				 *((long long*)(_t77 + 0x18)) = __rsi;
                                                				 *((long long*)(_t77 + 0x20)) = __rdi;
                                                				_push(_t134);
                                                				_t116 = __r8;
                                                				_t137 = __rdx;
                                                				_t112 = __rcx;
                                                				E00007FF67FF600AEA310(_t77, __rbx, __rcx, __rdx, __rcx, __r9, _t139);
                                                				r12d = 0;
                                                				_t5 = _t77 + 0x98; // 0x98
                                                				_t84 = _t5;
                                                				_t78 = _t112 + 0x80;
                                                				 *((intOrPtr*)(_t84 + 0x10)) = r12d;
                                                				_t8 = _t84 + 0x258; // 0x2f0
                                                				_t140 = _t8;
                                                				 *_t84 = _t112;
                                                				_t9 = _t84 + 8; // 0xa0
                                                				_t109 = _t9;
                                                				 *_t140 = r12w;
                                                				 *_t109 = _t78;
                                                				if ( *_t78 == r12w) goto 0xaf8295;
                                                				_t10 = _t134 + 0x16; // 0x16
                                                				E00007FF67FF600AF8184(_t10, _t84, 0xb152e0, _t109, _t112, _t109);
                                                				if ( *((intOrPtr*)( *_t84)) == r12w) goto 0xaf82eb;
                                                				if ( *((intOrPtr*)( *_t109)) == r12w) goto 0xaf82ae;
                                                				E00007FF67FF600AF7A6C(_t84, _t84, _t109, __r9);
                                                				goto 0xaf82b3;
                                                				E00007FF67FF600AF7B3C(_t84, _t84, _t109, __r9);
                                                				if ( *((intOrPtr*)(_t84 + 0x10)) != r12d) goto 0xaf82fa;
                                                				 *((long long*)(__r8 + 0x481f74c0)) =  *((long long*)(__r8 + 0x481f74c0)) + 1;
                                                				_t80 =  *_t109;
                                                				if ( *_t80 == r12w) goto 0xaf82e4;
                                                				E00007FF67FF600AF7A6C(_t84, _t84, _t84, __r9);
                                                				goto 0xaf82f0;
                                                				E00007FF67FF600AF7B3C(_t84, _t84, _t84, __r9);
                                                				goto 0xaf82f0;
                                                				E00007FF67FF600AF79C4(_t52,  *_t80 - r12w, _t84, _t84, 0x40, _t84, __r9);
                                                				if ( *((intOrPtr*)(_t84 + 0x10)) == r12d) goto 0xaf844d;
                                                				if ( *_t112 != r12w) goto 0xaf8315;
                                                				if ( *((intOrPtr*)(_t112 + 0x100)) != r12w) goto 0xaf8315;
                                                				GetACP();
                                                				goto 0xaf831d;
                                                				E00007FF67FF600AF7FDC(_t52, _t80, _t84, _t112 + 0x100, _t84, _t112, __r8, __r9);
                                                				_t85 = _t80;
                                                				if (_t80 == 0) goto 0xaf844d;
                                                				if (_t80 == 0xfde8) goto 0xaf844d;
                                                				_t45 = IsValidCodePage(_t136);
                                                				if (_t80 == 0) goto 0xaf844d;
                                                				if (_t137 == 0) goto 0xaf834b;
                                                				 *_t137 = _t50;
                                                				if (_t116 == 0) goto 0xaf8446;
                                                				 *((intOrPtr*)(_t116 + 0x120)) = r12w;
                                                				_t132 = (__r9 | 0xffffffff) + 1;
                                                				if ( *((intOrPtr*)(_t140 + _t132 * 2)) != r12w) goto 0xaf8363;
                                                				_t133 = _t132 + 1;
                                                				spl = 0x86;
                                                				asm("invalid");
                                                				if (_t80 != 0) goto 0xaf846e;
                                                				_t19 = _t80 + 0x40; // 0x40
                                                				r9d = _t19;
                                                				asm("sbb [edi-0x1], cl");
                                                				 *((long long*)(_t116 - 0x567bf040)) =  *((long long*)(_t116 - 0x567bf040)) + 1;
                                                				 *_t80 =  *_t80 + _t45;
                                                				 *((intOrPtr*)(_t80 - 0x73)) =  *((intOrPtr*)(_t80 - 0x73)) + _t52;
                                                				 *_t80 =  *_t80 + _t45;
                                                				asm("repe dec esi");
                                                				if (_t80 == 0) goto 0xaf844d;
                                                				asm("cli");
                                                				 *((long long*)(_t80 - 0x7b)) =  *((long long*)(_t80 - 0x7b)) - 1;
                                                				 *0x40B94100000090 =  *0x40B94100000090 << 0x8d;
                                                				_push(_t80);
                                                				E00007FF67FF600AA84D0(_t10, _t109, _t133);
                                                				if (_t80 == 0) goto 0xaf8404;
                                                				r9d = 0x40;
                                                				_t28 = _t133 - 0x39; // 0x7
                                                				E00007FF67FF600AED2B4(_t28, _t80, _t80, _t85, _t116 + 0x120, _t116 + 0x120, 0x80, _t109);
                                                				if (_t80 == 0) goto 0xaf844d;
                                                				if (_t85 != 0xfde9) goto 0xaf8432;
                                                				r9d = 5;
                                                				E00007FF67FF600AF0A34(0x40b94100000180, _t85, 0x40b94100000180, 0x5f, L"utf8", _t133);
                                                				if (0x40b94100000180 != 0) goto 0xaf846e;
                                                				goto 0xaf8446;
                                                				r9d = 0xa;
                                                				_t31 = _t133 + 6; // 0x46
                                                				r8d = _t31;
                                                				return E00007FF67FF600B00EB0(_t52);
                                                			}

                                                APIs
                                                  • Part of subcall function 00007FF600AEA310: GetLastError.KERNEL32(?,?,?,00007FF600ABD27F,?,?,?,00007FF600ACE4E7), ref: 00007FF600AEA31F
                                                  • Part of subcall function 00007FF600AEA310: SetLastError.KERNEL32(?,?,?,00007FF600ABD27F,?,?,?,00007FF600ACE4E7), ref: 00007FF600AEA3BD
                                                • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF600AE5444), ref: 00007FF600AF830D
                                                • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF600AE5444), ref: 00007FF600AF8335
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$CodePageValid
                                                • String ID: utf8
                                                • API String ID: 943130320-905460609
                                                • Opcode ID: a841db035ad55aac06ab7810c383a9821fde568278c54b32675e00d99910277e
                                                • Instruction ID: 99b811479cafce610d2ee242ae0daab827c8abdf7e8a566b10f46e47ba280468
                                                • Opcode Fuzzy Hash: a841db035ad55aac06ab7810c383a9821fde568278c54b32675e00d99910277e
                                                • Instruction Fuzzy Hash: 7691AD33A48B83A6EB649FA1D8412B923A8EF45B80F644131DE5E8779BDF3DE551C301
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 68%
                                                			E00007FF67FF600AFB568(void* __edx, void* __rbx, unsigned int __rcx, void* __rdi, void* __rsi, long long __r8, long long __r9, signed int __r10, void* __r12, void* __r14, void* __r15) {
                                                				void* _t15;
                                                				intOrPtr _t16;
                                                				signed char _t18;
                                                				void* _t20;
                                                				void* _t21;
                                                				signed long long _t23;
                                                				void* _t36;
                                                				void* _t42;
                                                				void* _t43;
                                                				signed long long _t44;
                                                
                                                				_t42 = _t43 - 0x6f0;
                                                				_t44 = _t43 - 0x7f0;
                                                				_t23 =  *0xb2fde8; // 0xc4f55cf73642
                                                				 *(_t42 + 0x6e0) = _t23 ^ _t44;
                                                				 *(_t44 + 0x38) = __rcx;
                                                				 *((long long*)(_t42 - 0x80)) = __r9;
                                                				 *((long long*)(_t42 - 0x70)) = __r8;
                                                				_t15 = E00007FF67FF600B014BC(_t20, _t44 + 0x68, __r10);
                                                				r15d = 1;
                                                				_t26 =  *(_t44 + 0x68) & 0x0000001f;
                                                				_t21 = _t15 - 0x1f;
                                                				if (_t21 != 0) goto 0xafb5ca;
                                                				 *((char*)(_t44 + 0x70)) = 0;
                                                				goto 0xafb5d9;
                                                				_t16 = E00007FF67FF600B01528(_t21, _t44 + 0x68, __rdi, _t36);
                                                				 *((intOrPtr*)(_t44 + 0x70)) = r15b;
                                                				if (_t21 == 0) goto 0xafb60d;
                                                				 *(_t26 - 0x7b) =  *(( *(_t44 + 0x68) & 0x0000001f) - 0x7b) | _t18;
                                                				asm("fisttp dword [ebp+0x480f0d4f]");
                                                				asm("rol dword [ebp+0x33], 0xc0");
                                                				 *((intOrPtr*)(__r8)) = _t16;
                                                				E00007FF67FF600B01458(__edx, _t26, _t44 + 0x78);
                                                				r10d = 0x7ff;
                                                				if (( *(_t44 + 0x38) >> 0x00000034 & __r10) != 0) goto 0xafb65a;
                                                			}

                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                • API String ID: 0-2761157908
                                                • Opcode ID: ff1d529c93d5ff451b1e4fe1eb54b92287eaceb11048c4e5e07417daae5d669b
                                                • Instruction ID: 3621ccab0c952795420bbd25f88fef981eefc909fc20ff11405a278bfba21146
                                                • Opcode Fuzzy Hash: ff1d529c93d5ff451b1e4fe1eb54b92287eaceb11048c4e5e07417daae5d669b
                                                • Instruction Fuzzy Hash: B6B2E273A582869BE7648EA5D5407FD37A5FB44388F605135DA0AD7B8EDF38EA00CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                • String ID:
                                                • API String ID: 2933794660-0
                                                • Opcode ID: 34c2b67bd052ce7c67f70e83c35053e828592a4e42091ecfbd1fb3d4dfd65b78
                                                • Instruction ID: 9b18184cc96f504758f6e704b9e0133dd84bd9739eca4e07c638a911cf51c6dd
                                                • Opcode Fuzzy Hash: 34c2b67bd052ce7c67f70e83c35053e828592a4e42091ecfbd1fb3d4dfd65b78
                                                • Instruction Fuzzy Hash: FDF03C32A08B419AEB10DF70D8452A833A4FB1D71CF400A31E62E86798DF38E165C380
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 53%
                                                			E00007FF67FF600AF8780(signed char __ecx, void* __edx, void* __ebp, long long __rbx, void* __rcx, void* __rdx, void* __r9) {
                                                				void* __rsi;
                                                				signed char _t50;
                                                				void* _t54;
                                                				void* _t56;
                                                				signed char _t57;
                                                				void* _t72;
                                                				void* _t78;
                                                				signed long long _t84;
                                                				signed long long _t85;
                                                				signed long long _t87;
                                                				signed long long _t88;
                                                				signed long long _t90;
                                                				signed long long _t96;
                                                				signed long long _t97;
                                                				void* _t104;
                                                				signed long long _t105;
                                                				signed long long _t120;
                                                				void* _t144;
                                                				signed long long* _t145;
                                                				int _t147;
                                                				intOrPtr* _t148;
                                                				signed long long _t150;
                                                				signed long long _t151;
                                                				signed long long _t152;
                                                				void* _t154;
                                                				signed long long _t155;
                                                				void* _t164;
                                                
                                                				_t162 = __r9;
                                                				_t107 = __rcx;
                                                				_t57 = __ecx;
                                                				 *((long long*)(_t154 + 0x10)) = __rbx;
                                                				 *(_t154 + 0x18) = _t150;
                                                				_t155 = _t154 - 0x120;
                                                				_t84 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_t85 = _t84 ^ _t155;
                                                				 *(_t155 + 0x110) = _t85;
                                                				_t104 = __rcx;
                                                				E00007FF67FF600AEA310(_t85, __rcx, __rcx, __rdx, _t147, __r9, _t164);
                                                				_t4 = _t85 + 0x98; // 0x98
                                                				_t148 = _t4;
                                                				E00007FF67FF600AEA310(_t85, _t104, _t107, __rdx, _t148, __r9, _t144);
                                                				_t145 =  *((intOrPtr*)(_t85 + 0x3a0));
                                                				E00007FF67FF600AF8AD4(_t104, __rdx);
                                                				r9d = 0x78;
                                                				_t105 = _t85;
                                                				asm("sbb edx, edx");
                                                				GetLocaleInfoW(_t147, ??, ??);
                                                				r14d = 0;
                                                				if (_t85 == 0) goto 0xaf899a;
                                                				E00007FF67FF600ACE450(_t85,  *((intOrPtr*)(_t148 + 8)));
                                                				_t151 = _t150 | 0xffffffff;
                                                				if (_t85 != 0) goto 0xaf88cf;
                                                				_t11 = _t164 + 0x78; // 0x78
                                                				r9d = _t11;
                                                				_t87 =  ~( *(_t148 + 0x18));
                                                				asm("sbb edx, edx");
                                                				GetLocaleInfoW(??, ??, ??, ??);
                                                				if (_t87 == 0) goto 0xaf899a;
                                                				E00007FF67FF600ACE450(_t87,  *_t148);
                                                				if (_t87 != 0) goto 0xaf8861;
                                                				_t145[0] = _t105;
                                                				goto 0xaf88ca;
                                                				if ((_t57 & 0x00000002) != 0) goto 0xaf88cf;
                                                				_t88 =  *_t145 | 0x00000304;
                                                				if ( *((intOrPtr*)(_t148 + 0x14)) == r14d) goto 0xaf88a9;
                                                				_t50 = E00007FF67FF600B0109C(_t88,  *_t148);
                                                				if (_t88 != 0) goto 0xaf88a7;
                                                				_t145[1] = _t105;
                                                				 *_t145 =  *_t145 | 0x00000002;
                                                				_t120 =  *_t148;
                                                				_t90 = _t151 + 1;
                                                				if ( *((intOrPtr*)(_t120 + _t90 * 2)) != r14w) goto 0xaf8893;
                                                				if (_t90 !=  *((intOrPtr*)(_t148 + 0x14))) goto 0xaf88cf;
                                                				_t145[0] = _t105;
                                                				goto 0xaf88cf;
                                                				if ((_t50 & 0x00000001) != 0) goto 0xaf88cf;
                                                				if (_t56 ==  *0xb15e98) goto 0xaf88cf;
                                                				_t72 = _t155 + 0x21 - 0xa;
                                                				if (_t72 < 0) goto 0xaf88b7;
                                                				_t145[1] = _t105;
                                                				 *_t145 = _t120 | 0x00000001;
                                                				if (_t72 == 0) goto 0xaf898e;
                                                				_t96 =  ~( *(_t148 + 0x18));
                                                				r9d = 0x78;
                                                				asm("sbb edx, edx");
                                                				GetLocaleInfoW(??, ??, ??, ??);
                                                				if (_t96 == 0) goto 0xaf899a;
                                                				E00007FF67FF600ACE450(_t96,  *_t148);
                                                				if (_t96 != 0) goto 0xaf8954;
                                                				_t97 =  *_t145;
                                                				asm("bts eax, 0x9");
                                                				 *_t145 = _t97;
                                                				if ( *(_t148 + 0x18) == r14d) goto 0xaf8935;
                                                				asm("bts eax, 0x8");
                                                				 *_t145 = _t97;
                                                				goto 0xaf8985;
                                                				if ( *((intOrPtr*)(_t148 + 0x14)) == r14d) goto 0xaf892d;
                                                				_t152 = _t151 + 1;
                                                				if ( *((intOrPtr*)( *_t148 + _t152 * 2)) != r14w) goto 0xaf893e;
                                                				_t78 = _t152 -  *((intOrPtr*)(_t148 + 0x14));
                                                				if (_t78 != 0) goto 0xaf892d;
                                                				if (_t78 <= 0) goto 0xaf8970;
                                                				if (_t78 != 0) goto 0xaf898e;
                                                				if ( *((intOrPtr*)(_t148 + 0x14)) == r14d) goto 0xaf898e;
                                                				E00007FF67FF600ACE450(_t97,  *_t148);
                                                				if (_t97 != 0) goto 0xaf898e;
                                                				_t54 = E00007FF67FF600AF8BF8(_t57, r14d, _t97, _t105, _t105, 0, _t148, _t162);
                                                				if (_t97 == 0) goto 0xaf898e;
                                                				asm("bts dword [edi], 0x8");
                                                				if (_t145[0] != r14d) goto 0xaf898e;
                                                				_t145[0] = _t105;
                                                				goto 0xaf89a2;
                                                				 *_t145 = r14d;
                                                				asm("adc [ecx], al");
                                                				 *0x1 =  *0x1 + _t54;
                                                				return E00007FF67FF600AA5980(_t54, _t57, _t105 ^ _t155);
                                                			}

                                                APIs
                                                  • Part of subcall function 00007FF600AEA310: GetLastError.KERNEL32(?,?,?,00007FF600ABD27F,?,?,?,00007FF600ACE4E7), ref: 00007FF600AEA31F
                                                  • Part of subcall function 00007FF600AEA310: SetLastError.KERNEL32(?,?,?,00007FF600ABD27F,?,?,?,00007FF600ACE4E7), ref: 00007FF600AEA3BD
                                                • GetLocaleInfoW.KERNEL32 ref: 00007FF600AF87EC
                                                • GetLocaleInfoW.KERNEL32 ref: 00007FF600AF8835
                                                • GetLocaleInfoW.KERNEL32 ref: 00007FF600AF8900
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: InfoLocale$ErrorLast
                                                • String ID:
                                                • API String ID: 661929714-0
                                                • Opcode ID: 01da6be91ebe30722fef1b110be771703b153dce30a7d47b3bf87b2aeddd599d
                                                • Instruction ID: 27f8681cde13b0d5319a7b992e63b4702b592ccb9f3fc58cc821bd3594202647
                                                • Opcode Fuzzy Hash: 01da6be91ebe30722fef1b110be771703b153dce30a7d47b3bf87b2aeddd599d
                                                • Instruction Fuzzy Hash: 2A619C33A48643A6EB349F51E5802B973A9FB84780F648135CB9EC379ADF7CE4518740
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CloseHandle$CreateSnapshotToolhelp32
                                                • String ID:
                                                • API String ID: 1198867131-0
                                                • Opcode ID: 44c55d39656c6af811e1948bb382838c61352c7569eed93ca735897aa8be55ea
                                                • Instruction ID: 6f5c7f0fd9fdd34c955bf7d7f119207f4c6260eab37059f9fcaec9e81bc484f9
                                                • Opcode Fuzzy Hash: 44c55d39656c6af811e1948bb382838c61352c7569eed93ca735897aa8be55ea
                                                • Instruction Fuzzy Hash: B7119A32E08A4265EA359B25E8103BAA390AF8ABA4F784130DD5D877CEDF3CE5458600
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • SetUnhandledExceptionFilter.KERNEL32(?,?,00000001,00007FF600AA628D,?,?,?,?,?,?,00007FF600ACE027), ref: 00007FF600AA6197
                                                • UnhandledExceptionFilter.KERNEL32(?,?,00000001,00007FF600AA628D,?,?,?,?,?,?,00007FF600ACE027), ref: 00007FF600AA61A0
                                                • GetCurrentProcess.KERNEL32(?,?,00000001,00007FF600AA628D,?,?,?,?,?,?,00007FF600ACE027), ref: 00007FF600AA61A6
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled$CurrentProcess
                                                • String ID:
                                                • API String ID: 1249254920-0
                                                • Opcode ID: aada589c01d293a8b21f727f5a85d4b6fec36d52ef28c8cf91e88f20b4dcbf8d
                                                • Instruction ID: b22afdeb3a544fe80a475e1e27725e2dbbfe9aa405560dcaae380b1c27f40aa2
                                                • Opcode Fuzzy Hash: aada589c01d293a8b21f727f5a85d4b6fec36d52ef28c8cf91e88f20b4dcbf8d
                                                • Instruction Fuzzy Hash: 03D0C761E5C50697F71817616D150755211EB5EB45F251434C91FC5364DF3DB4854340
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 78%
                                                			E00007FF67FF600ADB18C(long long __rbx, signed int* __rcx, long long __rdx, void* __r11) {
                                                				signed long long __rdi;
                                                				signed long long __rsi;
                                                				signed long long __rbp;
                                                				signed long long __r12;
                                                				signed long long __r13;
                                                				void* __r14;
                                                				signed int* __r15;
                                                				signed long long _t928;
                                                				signed long long _t929;
                                                				long long _t931;
                                                				long long _t934;
                                                				signed long long _t937;
                                                				signed long long _t945;
                                                				signed long long _t947;
                                                				void* _t952;
                                                				void* _t953;
                                                				signed long long _t954;
                                                				long long _t956;
                                                				signed char* _t961;
                                                				void* _t967;
                                                
                                                				 *((long long*)(_t953 + 0x18)) = __rbx;
                                                				_t952 = _t953 - 0xa70;
                                                				_t954 = _t953 - 0xb70;
                                                				_t928 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_t929 = _t928 ^ _t954;
                                                				 *(_t952 + 0xa60) = _t929;
                                                				r10d =  *__rcx;
                                                				 *((long long*)(_t954 + 0x60)) = __rdx;
                                                				_t947 = __rcx[1];
                                                				asm("sbb eax, eax");
                                                				 *((long long*)(_t954 + 0x58)) = __rcx;
                                                				_t931 = (_t929 & 0x0000001d) + 0x19;
                                                				r11d = 0;
                                                				 *((long long*)(_t954 + 0x50)) = _t931;
                                                				 *(_t952 + 0x320) = r11d;
                                                				r10d =  <  ? r11d : r10d;
                                                				r14d = r11d;
                                                				r15d = r11d;
                                                				_t932 =  >=  ? _t947 : _t931;
                                                				r13d = r11d;
                                                				r10d = r10d - r10d;
                                                				_t942 =  >=  ? _t947 : _t931;
                                                				_t956 =  &(__rcx[2]) + ( >=  ? _t947 : _t931);
                                                				 *(_t954 + 0x30) = r10d;
                                                				 *((long long*)(_t954 + 0x78)) = _t956;
                                                				_t934 =  &(__rcx[2]) + _t947;
                                                				_t961 =  &(__rcx[2]);
                                                				 *((long long*)(_t954 + 0x70)) = _t934;
                                                				 *((long long*)(_t954 + 0x40)) = _t934;
                                                				if (_t961 == _t956) goto 0xadb88b;
                                                				if (r13d != 9) goto 0xadb33c;
                                                				if (r14d == 0) goto 0xadb2cd;
                                                				r8d = r11d;
                                                				r9d = r11d;
                                                				r9d = r9d + 1;
                                                				 *(_t952 + 0x324 + _t947 * 4) =  *(_t952 + 0x324 + _t947 * 4) * 0x3b9aca00 +  *(_t952 + 0x324 + _t947 * 4);
                                                				if (r9d != r14d) goto 0xadb259;
                                                				if (r8d == 0) goto 0xadb2c1;
                                                				if ( *(_t952 + 0x320) - 0x73 >= 0) goto 0xadb2b5;
                                                				 *(_t952 + 0x324 +  *(_t952 + 0x320) * 4) = r8d;
                                                				r14d =  *(_t952 + 0x320);
                                                				r14d = r14d + 1;
                                                				 *(_t952 + 0x320) = r14d;
                                                				goto 0xadb2c8;
                                                				r14d = r11d;
                                                				 *(_t952 + 0x320) = r11d;
                                                				goto 0xadb2c8;
                                                				r14d =  *(_t952 + 0x320);
                                                				if (r15d == 0) goto 0xadb336;
                                                				if (r14d == 0) goto 0xadb303;
                                                				_t945 = _t947;
                                                				_t937 =  *(_t952 + 0x324 + _t945 * 4);
                                                				 *(_t952 + 0x324 + _t945 * 4) = r15d;
                                                				r14d =  *(_t952 + 0x320);
                                                				if (r11d != r14d) goto 0xadb2da;
                                                				if (r15d == 0) goto 0xadb336;
                                                				if (r14d - 0x73 >= 0) goto 0xadb32c;
                                                				 *(_t952 + 0x324 + _t937 * 4) = r15d;
                                                				r14d =  *(_t952 + 0x320);
                                                				r14d = r14d + 1;
                                                				 *(_t952 + 0x320) = r14d;
                                                				goto 0xadb336;
                                                				r14d = r11d;
                                                				 *(_t952 + 0x320) = r11d;
                                                				r15d = r11d;
                                                				r13d = r11d;
                                                				r13d = r13d + 1;
                                                				r15d = _t937 + _t945 * 2;
                                                				if ( &(_t961[1]) !=  *((intOrPtr*)(_t954 + 0x78))) goto 0xadb244;
                                                				if (r13d == 0) goto 0xadb88b;
                                                				return  *_t961 & 0x000000ff;
                                                				__rcx = __rcx +  *((intOrPtr*)(__rcx + 0x44382444));
                                                				__rsp = 0xcccccccd;
                                                				 *0x8BE5F741CCCCCD09 = 0xcccccccd;
                                                				__eflags = 0xcccccccd;
                                                				if (0xcccccccd == 0) goto 0xadb764;
                                                				__eax = r12d;
                                                				__eflags = r12d - __edi;
                                                				__rax =  >  ? __rdi : __rax;
                                                				__rdx = 0;
                                                				 *0x8BE5F741CCCCCD01 = 0xcccccccd;
                                                				__rax = __rax - 1;
                                                				__rdi = 0xcccccccd;
                                                				__rcx =  *0x2F985CFD33E45F06 & 0x000000ff;
                                                				__rsi =  *(__rbx + 0xa2bd3 + __rax * 4) & 0x000000ff;
                                                				__rbx = __rcx;
                                                				__rbx = __rcx << 2;
                                                				__r8 = __rbx;
                                                				__rax = __rsi + __rcx;
                                                				__rcx = __rbp + 0x6c4;
                                                				 *(__rbp + 0x6c0) = __rax;
                                                				__eax = E00007FF67FF600AA7EF0(r12d, __edx, __rbp + 0x6c4, 0, __rbx);
                                                				__rcx = 0x7ff600a70000;
                                                				__rsi = __rsi << 2;
                                                				__rax =  *0x2F985CFD33E45F04 & 0x0000ffff;
                                                				__rdx = 0x7ff600b122c0;
                                                				__rcx = __rbp + 0x6c4;
                                                				__r8 = __rsi;
                                                				__rcx = __rbp + 0x6c4 + __rbx;
                                                				__rdx = 0x7ff600b122c0 + ( *0x2F985CFD33E45F04 & 0x0000ffff) * 4;
                                                				E00007FF67FF600AA7840();
                                                				r10d =  *(__rbp + 0x6c0);
                                                				__eflags = r10d - 1;
                                                				if (r10d - 1 > 0) goto 0xadb4b3;
                                                				__rax =  *((intOrPtr*)(__rbp + 0x6c4));
                                                				r11d = 0;
                                                				__eflags = __rax;
                                                				if (__rax != 0) goto 0xadb41e;
                                                				r14d = r11d;
                                                				 *(__rbp + 0x320) = r11d;
                                                				goto 0xadb73a;
                                                				__eflags = __rax - 1;
                                                				if (__rax == 1) goto 0xadb73a;
                                                				__eflags = r14d;
                                                				if (r14d == 0) goto 0xadb73a;
                                                				r8d = r11d;
                                                				r9d = r11d;
                                                				__r10 = __rax;
                                                				__edx = r9d;
                                                				r9d = r9d + 1;
                                                				__eax = r8d;
                                                				 *(__rbp + 0x324 + __rdx * 4) =  *(__rbp + 0x324 + __rdx * 4) * __r10;
                                                				__rcx =  *(__rbp + 0x324 + __rdx * 4) * __r10 + __rax;
                                                				__r8 = __rcx;
                                                				 *(__rbp + 0x324 + __rdx * 4) = __rcx;
                                                				__r8 = __rcx >> 0x20;
                                                				__eflags = r9d - r14d;
                                                				if (r9d != r14d) goto 0xadb439;
                                                				__eflags = r8d;
                                                				if (r8d == 0) goto 0xadb4a7;
                                                				__eflags =  *(__rbp + 0x320) - 0x73;
                                                				if ( *(__rbp + 0x320) - 0x73 >= 0) goto 0xadb495;
                                                				__rax =  *(__rbp + 0x320);
                                                				 *(__rbp + 0x324 +  *(__rbp + 0x320) * 4) = r8d;
                                                				r14d =  *(__rbp + 0x320);
                                                				r14d = r14d + 1;
                                                				 *(__rbp + 0x320) = r14d;
                                                				goto 0xadb73a;
                                                				r14d = r11d;
                                                				 *(__rbp + 0x320) = r11d;
                                                				__al = r11b;
                                                				goto 0xadb73c;
                                                				r14d =  *(__rbp + 0x320);
                                                				goto 0xadb73a;
                                                				__eflags = r14d - 1;
                                                				if (r14d - 1 > 0) goto 0xadb571;
                                                				__rbx =  *((intOrPtr*)(__rbp + 0x324));
                                                				__r10 = __r10 << 2;
                                                				r11d = 0;
                                                				 *(__rbp + 0x320) = r10d;
                                                				r14d = r10d;
                                                				__eflags = __r10 << 2;
                                                				if (__eflags == 0) goto 0xadb51f;
                                                				0x1cc = 0x1cc +  *0x1cc;
                                                				 *((intOrPtr*)(__rbx + 0x8be5f741cccccc8d)) =  *((intOrPtr*)(__rbx + 0x8be5f741cccccc8d)) + __cl;
                                                				if (__eflags > 0) goto 0xadb4fb;
                                                				__rdx = __rbp + 0x6c4;
                                                				E00007FF67FF600AA7840();
                                                				goto 0xadb515;
                                                				__r8 = 0x1cc +  *0x1cc;
                                                				__rdx = 0;
                                                				E00007FF67FF600AA7EF0(r8d, r9d, __rcx, 0, 0x1cc +  *0x1cc) = E00007FF67FF600AE8D04(__rax);
                                                				 *__rax = 0x22;
                                                				__eax = E00007FF67FF600ACE12C();
                                                				r14d =  *(__rbp + 0x320);
                                                				r11d = 0;
                                                				__eflags = __rbx;
                                                				if (__rbx == 0) goto 0xadb40f;
                                                				__eflags = __rbx - 1;
                                                				if (__rbx == 1) goto 0xadb73a;
                                                				__eflags = r14d;
                                                				if (r14d == 0) goto 0xadb73a;
                                                				r8d = r11d;
                                                				r9d = r11d;
                                                				__r10 = __rbx;
                                                				__edx = r9d;
                                                				r9d = r9d + 1;
                                                				__eax = r8d;
                                                				 *(__rbp + 0x324) =  *(__rbp + 0x324) * __r10;
                                                				__rcx =  *(__rbp + 0x324) * __r10 + __rax;
                                                				__r8 = __rcx;
                                                				 *(__rbp + 0x324) = __rcx;
                                                				__r8 = __rcx >> 0x20;
                                                				__eflags = r9d - r14d;
                                                				if (r9d != r14d) goto 0xadb542;
                                                				goto 0xadb463;
                                                				__eflags = r10d - r14d;
                                                				__rdx = __rbp + 0x324;
                                                				r12d = r14d;
                                                				__rcx = __rbp + 0x6c4;
                                                				__rcx =  >=  ? __rbp + 0x324 : __rbp + 0x6c4;
                                                				__r8 = __rbp + 0x6c4;
                                                				r12d =  <  ? r10d : r12d;
                                                				 *0x8BE5F741CCCCCD35 = __rcx;
                                                				__eax = r8d & 0xffffff00 | r10d - r14d > 0x00000000;
                                                				__rdx = __rbp + 0x324;
                                                				__rdx =  >=  ? __r8 : __rbp + 0x324;
                                                				r11d = 0;
                                                				__eflags = r11b;
                                                				 *0x8BE5F741CCCCCD15 = __rdx;
                                                				 *(__rbp + 0x4f0) = r11d;
                                                				r9d = r11d;
                                                				r10d =  !=  ? r14d : r10d;
                                                				r14d = r11d;
                                                				__eflags = r12d;
                                                				if (r12d == 0) goto 0xadb6df;
                                                				__eax = r9d;
                                                				__rsi =  *((intOrPtr*)(__rcx + __rax * 4));
                                                				__eflags = __rsi;
                                                				if (__rsi != 0) goto 0xadb5f6;
                                                				__eflags = r9d - r14d;
                                                				if (r9d != r14d) goto 0xadb6d3;
                                                				_t115 = __r9 + 1; // 0x1
                                                				r14d = _t115;
                                                				 *(__rbp + 0x4f4 + __rax * 4) = r11d;
                                                				 *(__rbp + 0x4f0) = r14d;
                                                				goto 0xadb6d3;
                                                				r8d = r9d;
                                                				__eflags = r10d;
                                                				if (r10d == 0) goto 0xadb6bc;
                                                				__edi = r9d;
                                                				__rdi =  ~0xcccccccd;
                                                				__eflags = r8d - 0x73;
                                                				if (r8d == 0x73) goto 0xadb66a;
                                                				__ebx = r8d;
                                                				__eflags = r8d - r14d;
                                                				if (r8d != r14d) goto 0xadb627;
                                                				 *(__rbp + 0x4f4 + __rbx * 4) =  *(__rbp + 0x4f4 + __rbx * 4) & 0x00000000;
                                                				_t126 = __r8 + 1; // 0x1
                                                				__eax = _t126;
                                                				 *(__rbp + 0x4f0) = __rax;
                                                				__eax = 0xcccccccd + __r8;
                                                				r8d = r8d + 1;
                                                				__rdx =  *((intOrPtr*)(__rdx + __rax * 4));
                                                				__eax = r11d;
                                                				__rdx = __rdx * __rsi;
                                                				__rdx = __rdx + __rax;
                                                				__rax =  *(__rbp + 0x4f4 + __rbx * 4);
                                                				__rdx = __rdx + __rax;
                                                				__eax = 0xcccccccd + __r8;
                                                				__r11 = __rdx;
                                                				 *(__rbp + 0x4f4 + __rbx * 4) = __rdx;
                                                				r14d =  *(__rbp + 0x4f0);
                                                				__r11 = __rdx >> 0x20;
                                                				__eflags = 0xcccccccd + __r8 - r10d;
                                                				if (0xcccccccd + __r8 == r10d) goto 0xadb66a;
                                                				__rdx =  *0x8BE5F741CCCCCD15;
                                                				goto 0xadb607;
                                                				__eflags = r11d;
                                                				if (r11d == 0) goto 0xadb6bc;
                                                				__eflags = r8d - 0x73;
                                                				if (r8d == 0x73) goto 0xadb7fe;
                                                				__edx = r8d;
                                                				__eflags = r8d - r14d;
                                                				if (r8d != r14d) goto 0xadb693;
                                                				 *(__rbp + 0x4f4 + __rdx * 4) =  *(__rbp + 0x4f4 + __rdx * 4) & 0x00000000;
                                                				_t146 = __r8 + 1; // 0x1
                                                				__eax = _t146;
                                                				 *(__rbp + 0x4f0) = __rax;
                                                				__rax =  *(__rbp + 0x4f4 + __rdx * 4);
                                                				r8d = r8d + 1;
                                                				__ecx = r11d;
                                                				__rcx = __rcx +  *(__rbp + 0x4f4 + __rdx * 4);
                                                				 *(__rbp + 0x4f4 + __rdx * 4) = __rcx;
                                                				r14d =  *(__rbp + 0x4f0);
                                                				__rcx = __rcx >> 0x20;
                                                				__eflags = __rcx;
                                                				if (__rcx != 0) goto 0xadb66f;
                                                				r11d = 0;
                                                				__eflags = r8d - 0x73;
                                                				if (r8d == 0x73) goto 0xadb801;
                                                				__rcx =  *0x8BE5F741CCCCCD35;
                                                				__rdx =  *0x8BE5F741CCCCCD15;
                                                				r9d = r9d + 1;
                                                				__eflags = r9d - r12d;
                                                				if (r9d != r12d) goto 0xadb5cb;
                                                				r8d = r14d;
                                                				__r8 = __r8 << 2;
                                                				 *(__rbp + 0x320) = r14d;
                                                				__eflags = __r8;
                                                				if (__eflags == 0) goto 0xadb735;
                                                				0x1cc = 0x1cc +  *0x1cc;
                                                				 *((intOrPtr*)(__rbx + 0x8be5f741cccccc8d)) =  *((intOrPtr*)(__rbx + 0xbadb6d)) + __cl;
                                                				if (__eflags > 0) goto 0xadb711;
                                                				__rdx = __rbp + 0x4f4;
                                                				E00007FF67FF600AA7840();
                                                				goto 0xadb72b;
                                                				__r8 = 0x1cc +  *0x1cc;
                                                				__rdx = 0;
                                                				E00007FF67FF600AA7EF0(_t146, r8d,  *0x8BE5F741CCCCCD35, 0, 0x1cc +  *0x1cc) = E00007FF67FF600AE8D04(__rax);
                                                				 *__rax = 0x22;
                                                				__eax = E00007FF67FF600ACE12C();
                                                				r14d =  *(__rbp + 0x320);
                                                				r11d = 0;
                                                				r12d =  *0x8BE5F741CCCCCD09;
                                                				__al = 1;
                                                				__rbx = 0x7ff600a70000;
                                                				__eflags = 1;
                                                				if (1 == 0) goto 0xadb808;
                                                				r12d = r12d -  *0x8BE5F741CCCCCD01;
                                                				__rdi = 0x26;
                                                				__eflags = 1 - 0xf;
                                                				__eflags =  *__rax & 0xcccccccd;
                                                				asm("cld");
                                                				asm("invalid");
                                                				__rax =  *0x8BE5F741CCCCCD05;
                                                				__rax =  *0x8BE5F741CCCCCD05 +  *0x8BE5F741CCCCCD05 * 4;
                                                				__rax =  *0x8BE5F741CCCCCD05 +  *0x8BE5F741CCCCCD05 * 4 +  *0x8BE5F741CCCCCD05 +  *0x8BE5F741CCCCCD05 * 4;
                                                				r13d = r13d - __eax;
                                                				if (__eflags == 0) goto 0xadb812;
                                                				_t172 = __r13 - 1; // 0x0
                                                				__eax = _t172;
                                                				__rax =  *((intOrPtr*)(0x7ff600a70000 + 0xa2c68 + ( *0x8BE5F741CCCCCD05 +  *0x8BE5F741CCCCCD05 * 4 +  *0x8BE5F741CCCCCD05 +  *0x8BE5F741CCCCCD05 * 4) * 4));
                                                				__eflags = __rax;
                                                				if (__rax == 0) goto 0xadb808;
                                                				__eflags = __rax - 1;
                                                				if (__rax == 1) goto 0xadb812;
                                                				__eflags = r14d;
                                                				if (r14d == 0) goto 0xadb812;
                                                				r8d = r11d;
                                                				r9d = r11d;
                                                				r10d = _t172;
                                                				__edx = r9d;
                                                				r9d = r9d + 1;
                                                				__eax = r8d;
                                                				 *(__rbp + 0x324) =  *(__rbp + 0x324) * __r10;
                                                				__rcx =  *(__rbp + 0x324) * __r10 + __rax;
                                                				__r8 = __rcx;
                                                				 *(__rbp + 0x324) = __rcx;
                                                				__r8 = __rcx >> 0x20;
                                                				__eflags = r9d - r14d;
                                                				if (r9d != r14d) goto 0xadb79c;
                                                				__eflags = r8d;
                                                				if (r8d == 0) goto 0xadb7f5;
                                                				__eflags =  *(__rbp + 0x320) - 0x73;
                                                				if ( *(__rbp + 0x320) - 0x73 >= 0) goto 0xadb808;
                                                				__rax =  *(__rbp + 0x320);
                                                				 *(__rbp + 0x324 +  *(__rbp + 0x320) * 4) = r8d;
                                                				r14d =  *(__rbp + 0x320);
                                                				r14d = r14d + 1;
                                                				 *(__rbp + 0x320) = r14d;
                                                				goto 0xadb812;
                                                				r14d =  *(__rbp + 0x320);
                                                				goto 0xadb812;
                                                				r11d = 0;
                                                				__rbx = 0x7ff600a70000;
                                                				r14d = r11d;
                                                				 *(__rbp + 0x320) = r11d;
                                                				__eflags = r15d;
                                                				if (r15d == 0) goto 0xadb886;
                                                				r8d = r11d;
                                                				__eflags = r14d;
                                                				if (r14d == 0) goto 0xadb84c;
                                                				__ecx = r8d;
                                                				r8d = r8d + 1;
                                                				__edx = r15d;
                                                				__rax =  *(__rbp + 0x324 + __rcx * 4);
                                                				__rdx = 0 + __rax;
                                                				 *(__rbp + 0x324 + __rcx * 4) = __rdx;
                                                				r14d =  *(__rbp + 0x320);
                                                				__rdx = __rdx >> 0x20;
                                                				r15d = __edx;
                                                				__eflags = r8d - r14d;
                                                				if (r8d != r14d) goto 0xadb81f;
                                                				__eflags = r15d;
                                                				if (__eflags == 0) goto 0xadb886;
                                                				__rdi = 0x26;
                                                				if (__eflags >= 0) goto 0xadb87a;
                                                				__eax = r14d;
                                                				 *(__rbp + 0x324 + __rax * 4) = r15d;
                                                				r14d =  *(__rbp + 0x320);
                                                				r14d = r14d + 1;
                                                				 *(__rbp + 0x320) = r14d;
                                                				goto 0xadb88b;
                                                				r14d = r11d;
                                                				 *(__rbp + 0x320) = r11d;
                                                				goto 0xadb88b;
                                                				__rdi = 0x26;
                                                				__eflags = __rcx;
                                                				if (__rcx == 0) goto 0xadbdc5;
                                                				0xcccccccd = 0xcccccccd >> 3;
                                                				 *0x8BE5F741CCCCCD01 = 0xcccccccd;
                                                				r15d = r14d;
                                                				 *0x8BE5F741CCCCCD09 = 0xcccccccd;
                                                				__eflags = 0xcccccccd;
                                                				if (0xcccccccd == 0) goto 0xadbc91;
                                                				goto 0xadb8bf;
                                                				__rbx = 0x7ff600a70000;
                                                				__eflags = r15d - __edi;
                                                				r13d = r15d;
                                                				r13d =  >  ? __edi : r13d;
                                                				__rdx = 0;
                                                				 *0x8BE5F741CCCCCD05 = r13d;
                                                				__eax = __r13 - 1;
                                                				__rcx =  *0xA3007D533E45F06 & 0x000000ff;
                                                				__rsi =  *0xA3007D533E45F07 & 0x000000ff;
                                                				__rbx = __rcx;
                                                				__rdi = 0xcccccccd >> 3;
                                                				__rbx = __rcx << 2;
                                                				__r8 = __rbx;
                                                				__rax = __rsi + __rcx;
                                                				__rcx = __rbp + 0x6c4;
                                                				 *(__rbp + 0x6c0) = __rax;
                                                				__eax = E00007FF67FF600AA7EF0(__r13 - 1, __edx, __rbp + 0x6c4, 0, __rbx);
                                                				__rcx = 0x7ff600a70000;
                                                				__rsi = __rsi << 2;
                                                				__rax =  *0x7FF6039C9A84 & 0x0000ffff;
                                                				__rdx = 0x7ff600b122c0;
                                                				__rcx = __rbp + 0x6c4;
                                                				__r8 = __rsi;
                                                				__rcx = __rbp + 0x6c4 + __rbx;
                                                				__rdx = 0x7ff600b122c0 + ( *0x7FF6039C9A84 & 0x0000ffff) * 4;
                                                				E00007FF67FF600AA7840();
                                                				r10d =  *(__rbp + 0x6c0);
                                                				__eflags = r10d - 1;
                                                				if (r10d - 1 > 0) goto 0xadb9f6;
                                                				__rax =  *((intOrPtr*)(__rbp + 0x6c4));
                                                				r11d = 0;
                                                				__eflags = __rax;
                                                				if (__rax != 0) goto 0xadb961;
                                                				r14d = r11d;
                                                				 *(__rbp + 0x320) = r11d;
                                                				goto 0xadbc6c;
                                                				__eflags = __rax - 1;
                                                				if (__rax == 1) goto 0xadbc6c;
                                                				__eflags = r14d;
                                                				if (r14d == 0) goto 0xadbc6c;
                                                				r8d = r11d;
                                                				r9d = r11d;
                                                				__r10 = __rax;
                                                				__edx = r9d;
                                                				r9d = r9d + 1;
                                                				__eax = r8d;
                                                				 *(__rbp + 0x324 + __rdx * 4) =  *(__rbp + 0x324 + __rdx * 4) * __r10;
                                                				__rcx =  *(__rbp + 0x324 + __rdx * 4) * __r10 + __rax;
                                                				__r8 = __rcx;
                                                				 *(__rbp + 0x324 + __rdx * 4) = __rcx;
                                                				__r8 = __rcx >> 0x20;
                                                				__eflags = r9d - r14d;
                                                				if (r9d != r14d) goto 0xadb97c;
                                                				__eflags = r8d;
                                                				if (r8d == 0) goto 0xadb9ea;
                                                				__eflags =  *(__rbp + 0x320) - 0x73;
                                                				if ( *(__rbp + 0x320) - 0x73 >= 0) goto 0xadb9d8;
                                                				__rax =  *(__rbp + 0x320);
                                                				 *(__rbp + 0x324 +  *(__rbp + 0x320) * 4) = r8d;
                                                				r14d =  *(__rbp + 0x320);
                                                				r14d = r14d + 1;
                                                				 *(__rbp + 0x320) = r14d;
                                                				goto 0xadbc6c;
                                                				r14d = r11d;
                                                				 *(__rbp + 0x320) = r11d;
                                                				__al = r11b;
                                                				goto 0xadbc6e;
                                                				r14d =  *(__rbp + 0x320);
                                                				goto 0xadbc6c;
                                                				__eflags = r14d - 1;
                                                				if (r14d - 1 > 0) goto 0xadbab6;
                                                				__rbx =  *((intOrPtr*)(__rbp + 0x324));
                                                				__r8 = __r10;
                                                				__r8 = __r10 << 2;
                                                				r11d = 0;
                                                				 *(__rbp + 0x320) = r10d;
                                                				r14d = r10d;
                                                				__eflags = __r8;
                                                				if (__r8 == 0) goto 0xadba64;
                                                				__rcx = __rbp + 0x324;
                                                				__eflags = __r8 - 0x1cc;
                                                				if (__r8 - 0x1cc > 0) goto 0xadba3d;
                                                				__rdx = __rbp + 0x6c4;
                                                				E00007FF67FF600AA7840();
                                                				goto 0xadba5a;
                                                				__rdx = 0;
                                                				r8d = 0x1cc;
                                                				E00007FF67FF600AA7EF0(r8d, r9d, __rbp + 0x324, 0, __r8) = E00007FF67FF600AE8D04(__rax);
                                                				 *__rax = 0x22;
                                                				__eax = E00007FF67FF600ACE12C();
                                                				r14d =  *(__rbp + 0x320);
                                                				r11d = 0;
                                                				__eflags = __rbx;
                                                				if (__rbx == 0) goto 0xadb952;
                                                				__eflags = __rbx - 1;
                                                				if (__rbx == 1) goto 0xadbc6c;
                                                				__eflags = r14d;
                                                				if (r14d == 0) goto 0xadbc6c;
                                                				r8d = r11d;
                                                				r9d = r11d;
                                                				__r10 = __rbx;
                                                				__edx = r9d;
                                                				r9d = r9d + 1;
                                                				__eax = r8d;
                                                				 *(__rbp + 0x324) =  *(__rbp + 0x324) * __rbx;
                                                				__rcx =  *(__rbp + 0x324) * __rbx + __rax;
                                                				__r8 = __rcx;
                                                				 *(__rbp + 0x324) = __rcx;
                                                				__r8 = __rcx >> 0x20;
                                                				__eflags = r9d - r14d;
                                                				if (r9d != r14d) goto 0xadba87;
                                                				goto 0xadb9a6;
                                                				__eflags = r10d - r14d;
                                                				__rcx = __rbp + 0x324;
                                                				r15d = r14d;
                                                				__rbp + 0x6c4 =  >=  ? __rbp + 0x324 : __rbp + 0x6c4;
                                                				__r13 = __rbp + 0x324;
                                                				r15d =  <  ? r10d : r15d;
                                                				__rcx = __rbp + 0x6c4;
                                                				__r13 =  >=  ? __rcx : __rbp + 0x324;
                                                				__eax = r8d & 0xffffff00 | r10d - r14d > 0x00000000;
                                                				r11d = 0;
                                                				__eflags = r11b;
                                                				 *(__rbp + 0x4f0) = r11d;
                                                				r9d = r11d;
                                                				r10d =  !=  ? r14d : r10d;
                                                				r14d = r11d;
                                                				__eflags = r15d;
                                                				if (r15d == 0) goto 0xadbc0c;
                                                				__eax = r9d;
                                                				__eflags = __rsi;
                                                				if (__rsi != 0) goto 0xadbb32;
                                                				__eflags = r9d - r14d;
                                                				if (r9d != r14d) goto 0xadbc00;
                                                				_t265 = __r9 + 1; // 0x1
                                                				r14d = _t265;
                                                				 *(__rbp + 0x4f4 + __rax * 4) = r11d;
                                                				 *(__rbp + 0x4f0) = r14d;
                                                				goto 0xadbc00;
                                                				r8d = r9d;
                                                				__eflags = r10d;
                                                				if (r10d == 0) goto 0xadbbf3;
                                                				__ebx = r9d;
                                                				__rbx =  ~__rbx;
                                                				__eflags = r8d - 0x73;
                                                				if (r8d == 0x73) goto 0xadbba1;
                                                				__edi = r8d;
                                                				__eflags = r8d - r14d;
                                                				if (r8d != r14d) goto 0xadbb63;
                                                				 *(__rbp + 0x2eb73a8) =  *(__rbp + 0x2eb73a8) & 0x00000000;
                                                				_t276 = __r8 + 1; // 0x1
                                                				__eax = _t276;
                                                				 *(__rbp + 0x4f0) = __rax;
                                                				__eax = __rbx + __r8;
                                                				r8d = r8d + 1;
                                                				__edx =  *(__r13 + __rax * 4);
                                                				__eax = r11d;
                                                				__rdx = 0 * __rsi;
                                                				__rdx = 0 * __rsi + __rax;
                                                				__rax =  *(__rbp + 0x2eb73a8);
                                                				__rdx = __rdx + __rax;
                                                				__eax = __rbx + __r8;
                                                				__r11 = __rdx;
                                                				 *(__rbp + 0x2eb73a8) = __rdx;
                                                				r14d =  *(__rbp + 0x4f0);
                                                				__r11 = __rdx >> 0x20;
                                                				__eflags = __rbx + __r8 - r10d;
                                                				if (__rbx + __r8 != r10d) goto 0xadbb43;
                                                				__eflags = r11d;
                                                				if (r11d == 0) goto 0xadbbf3;
                                                				__eflags = r8d - 0x73;
                                                				if (r8d == 0x73) goto 0xadbd3c;
                                                				__edx = r8d;
                                                				__eflags = r8d - r14d;
                                                				if (r8d != r14d) goto 0xadbbca;
                                                				 *(__rbp + 0x4f4 + __rdx * 4) =  *(__rbp + 0x4f4 + __rdx * 4) & 0x00000000;
                                                				_t295 = __r8 + 1; // 0x2
                                                				__eax = _t295;
                                                				 *(__rbp + 0x4f0) = __rax;
                                                				__rax =  *(__rbp + 0x4f4 + __rdx * 4);
                                                				r8d = r8d + 1;
                                                				__ecx = r11d;
                                                				__rcx = __rcx +  *(__rbp + 0x4f4 + __rdx * 4);
                                                				 *(__rbp + 0x4f4 + __rdx * 4) = __rcx;
                                                				r14d =  *(__rbp + 0x4f0);
                                                				__rcx = __rcx >> 0x20;
                                                				__eflags = __rcx;
                                                				if (__rcx != 0) goto 0xadbba6;
                                                				r11d = 0;
                                                				__eflags = r8d - 0x73;
                                                				if (r8d == 0x73) goto 0xadbd3f;
                                                				r9d = r9d + 1;
                                                				__eflags = r9d - r15d;
                                                				if (r9d != r15d) goto 0xadbb06;
                                                				r8d = r14d;
                                                				__r8 = __r8 << 2;
                                                				 *(__rbp + 0x320) = r14d;
                                                				__eflags = __r8;
                                                				if (__eflags == 0) goto 0xadbc62;
                                                				0x1cc = 0x1cc +  *0x1cc;
                                                				 *((intOrPtr*)(__rbx + 0xbadb6d)) =  *((intOrPtr*)(__rbx + 0xbadb6d)) + __cl;
                                                				if (__eflags > 0) goto 0xadbc3e;
                                                				__rdx = __rbp + 0x4f4;
                                                				E00007FF67FF600AA7840();
                                                				goto 0xadbc58;
                                                				__r8 = 0x1cc +  *0x1cc;
                                                				__rdx = 0;
                                                				E00007FF67FF600AA7EF0(_t295, r8d, __rcx, 0, 0x1cc +  *0x1cc) = E00007FF67FF600AE8D04(__rax);
                                                				 *__rax = 0x22;
                                                				__eax = E00007FF67FF600ACE12C();
                                                				r14d =  *(__rbp + 0x320);
                                                				r11d = 0;
                                                				r15d =  *0x8BE5F741CCCCCD09;
                                                				r13d =  *0x8BE5F741CCCCCD05;
                                                				__al = 1;
                                                				__eflags = 1;
                                                				if (1 == 0) goto 0xadbd3f;
                                                				r15d = r15d - r13d;
                                                				__rdi = 0x26;
                                                				1 - 0xf =  *0x26 & __rbp;
                                                				asm("cld");
                                                				asm("invalid");
                                                				__rax =  *0x8BE5F741CCCCCD01;
                                                				__rcx =  *0x8BE5F741CCCCCCFD;
                                                				__rax =  *0x8BE5F741CCCCCD01 +  *0x8BE5F741CCCCCD01 * 4;
                                                				__rax =  *0x8BE5F741CCCCCD01 +  *0x8BE5F741CCCCCD01 * 4 +  *0x8BE5F741CCCCCD01 +  *0x8BE5F741CCCCCD01 * 4;
                                                				__rcx =  *0x8BE5F741CCCCCCFD - __rax;
                                                				if (( *0x26 & __rbp) == 0) goto 0xadbdc5;
                                                				__rcx =  *0x8BE5F741CCCCCCFD - __rax - 1;
                                                				__rax = 0x7ff600a70000;
                                                				__rax =  *((intOrPtr*)(0x7ff600a70000 + 0xa2c68 + __rcx * 4));
                                                				__eflags = 0x7ff600a70000;
                                                				if (0x7ff600a70000 != 0) goto 0xadbcc1;
                                                				r14d = r11d;
                                                				 *(__rbp + 0x320) = r11d;
                                                				goto 0xadbdca;
                                                				__eflags = 0x7ff600a70000 - 1;
                                                				if (0x7ff600a70000 == 1) goto 0xadbdc5;
                                                				__eflags = r14d;
                                                				if (r14d == 0) goto 0xadbdca;
                                                				r8d = r11d;
                                                				r9d = r11d;
                                                				__r10 = 0x7ff600a70000;
                                                				__edx = r9d;
                                                				r9d = r9d + 1;
                                                				__eax = r8d;
                                                				 *(__rbp + 0x324) =  *(__rbp + 0x324) * 0x7ff600a70000;
                                                				__rcx =  *(__rbp + 0x324) * 0x7ff600a70000 + __rax;
                                                				__r8 = __rcx;
                                                				 *(__rbp + 0x324) = __rcx;
                                                				__r8 = __rcx >> 0x20;
                                                				__eflags = r9d - r14d;
                                                				if (r9d != r14d) goto 0xadbcdc;
                                                				__eflags = r8d;
                                                				if (r8d == 0) goto 0xadbdbe;
                                                				__eflags =  *(__rbp + 0x320) - 0x73;
                                                				if ( *(__rbp + 0x320) - 0x73 >= 0) goto 0xadbd3f;
                                                				__rax =  *(__rbp + 0x320);
                                                				 *(__rbp + 0x324 +  *(__rbp + 0x320) * 4) = r8d;
                                                				r14d =  *(__rbp + 0x320);
                                                				r14d = r14d + 1;
                                                				 *(__rbp + 0x320) = r14d;
                                                				goto 0xadbdc5;
                                                				r11d = 0;
                                                				__rdx =  *((intOrPtr*)(0x8be5f741cccccd2d));
                                                				__rax =  *((intOrPtr*)(0x8be5f741cccccd25));
                                                				__r8 =  *__rdx;
                                                				__al =  *(__rax + 0x308);
                                                				__eflags =  *((intOrPtr*)(__rdx + 8)) - r11b;
                                                				if ( *((intOrPtr*)(__rdx + 8)) == r11b) goto 0xadbd92;
                                                				__al =  ~( *(__rax + 0x308));
                                                				__rdx = 0;
                                                				__rax = 0;
                                                				asm("dec eax");
                                                				__rcx = __rcx & 0x00000000;
                                                				__rdx = 0;
                                                				__rcx = __rcx + 0;
                                                				__rcx = __rcx & 0x00000000;
                                                				__rax =  *__r8;
                                                				__rax =  *__r8 & 0x00000000;
                                                				__rcx = __rcx | __rax;
                                                				 *__r8 = __rcx;
                                                				goto 0xadbdb4;
                                                				__al =  ~__al;
                                                				__rdx = 0x80000000;
                                                				__rsp = __rbp;
                                                				__rbp = _t967;
                                                				__rcx = __rcx & 0x80000000;
                                                				__rdx = 0x7f800000;
                                                				__rcx = __rcx | __rax;
                                                				__rcx = __rcx & 0xff800000;
                                                				 *__r8 = __ecx;
                                                				__rax = 0x3;
                                                				 *((intOrPtr*)(__rbx + __rcx * 4 - 0x4b)) =  *((intOrPtr*)(__rbx + __rcx * 4 - 0x4b)) + __al;
                                                				 *__rbx =  *__rbx & __al;
                                                				 *0x3 =  *0x3 + __al;
                                                				__eflags = r14d;
                                                				if (__eflags != 0) goto 0xadbdcf;
                                                				__ecx = r11d;
                                                				goto 0xadbdee;
                                                				_t347 = __r14 - 1; // -1
                                                				__ecx = _t347;
                                                				 *(__rsp + 0x48) = r11d;
                                                				asm("bsr eax, [ebp+ecx*4+0x324]");
                                                				if (__eflags == 0) goto 0xadbde6;
                                                				__rax = 0x11f3e900000004;
                                                				goto 0xadbde9;
                                                				__eax = r11d;
                                                				__rcx = __rcx << 5;
                                                				__rcx = __rcx + 0x11f3e900000004;
                                                				__rax =  *(__rsp + 0x40);
                                                				 *(__rsp + 0x3c) = __rcx;
                                                				__eflags = __rcx -  *(__rsp + 0x50);
                                                				if (__rcx -  *(__rsp + 0x50) >= 0) goto 0xadcf87;
                                                				__eflags =  *(__rsp + 0x40);
                                                				if ( *(__rsp + 0x40) == 0) goto 0xadcf89;
                                                				__rbx =  *((intOrPtr*)(__rsp + 0x78));
                                                				r15d = r11d;
                                                				__rdi =  *((intOrPtr*)(__rsp + 0x70));
                                                				r12d = r11d;
                                                				 *(__rbp + 0x150) = r11d;
                                                				r13d = r11d;
                                                				__eflags = __rbx - __rdi;
                                                				if (__rbx == __rdi) goto 0xadc538;
                                                				__eflags = r13d - 9;
                                                				if (r13d != 9) goto 0xadbf73;
                                                				__eflags = r15d;
                                                				if (r15d == 0) goto 0xadbed3;
                                                				r8d = r11d;
                                                				r9d = r11d;
                                                				__edx = r9d;
                                                				r9d = r9d + 1;
                                                				__rax =  *(__rbp + 0x88f280dfe000154);
                                                				__rcx = __rax * 0x3b9aca00;
                                                				__eax = r8d;
                                                				__rcx = __rax * 0x3b9aca00 + __rax;
                                                				__r8 = __rcx;
                                                				 *(__rbp + 0x88f280dfe000154) = __rcx;
                                                				__r8 = __rcx >> 0x20;
                                                				__eflags = r9d - r15d;
                                                				if (r9d != r15d) goto 0xadbe44;
                                                				__eflags = r8d;
                                                				if (r8d == 0) goto 0xadbecc;
                                                				__eflags =  *(__rbp + 0x150) - 0x73;
                                                				if ( *(__rbp + 0x150) - 0x73 >= 0) goto 0xadbea0;
                                                				__rax =  *(__rbp + 0x150);
                                                				 *(__rbp + 0x154 + __rax * 4) = r8d;
                                                				r15d =  *(__rbp + 0x150);
                                                				r15d = r15d + 1;
                                                				 *(__rbp + 0x150) = r15d;
                                                				goto 0xadbed3;
                                                				r9d = 0;
                                                				 *(__rbp + 0x890) = r11d;
                                                				__r8 = __rbp + 0x894;
                                                				 *(__rbp + 0x150) = r11d;
                                                				__rdx = 0x1cc;
                                                				 *__rax =  *__rax + __rax;
                                                				__al = __al + bpl;
                                                				 *0x45000060 = __rax;
                                                				__rbp = 0x150;
                                                				__eflags =  *(__rcx + 0x45000000) & __dl;
                                                				__rax = __rbx;
                                                				__eflags = r15d;
                                                				if (r15d == 0) goto 0xadbf11;
                                                				__edx = r8d;
                                                				r8d = r8d + 1;
                                                				__eax = r12d;
                                                				__rcx =  *0x621ABA65000009D4;
                                                				__rcx =  *0x621ABA65000009D4 + __rax;
                                                				__r12 = __rcx;
                                                				 *0x621ABA65000009D4 = __rcx;
                                                				r15d =  *0xFE48545000002A0;
                                                				__r12 = __rcx >> 0x20;
                                                				__eflags = r8d - r15d;
                                                				if (r8d != r15d) goto 0xadbee4;
                                                				__eflags = r12d;
                                                				if (r12d == 0) goto 0xadbf6d;
                                                				__eflags = r15d - 0x73;
                                                				if (r15d - 0x73 >= 0) goto 0xadbf3a;
                                                				__eax = r15d;
                                                				 *(0x150 + 0x154 + __rax * 4) = r12d;
                                                				r15d =  *0xFE48545000002A0;
                                                				r15d = r15d + 1;
                                                				 *0xFE48545000002A0 = r15d;
                                                				goto 0xadbf6d;
                                                				r9d = 0;
                                                				 *0xFE48545000009E0 = r11d;
                                                				__r8 = 0xfe48545000009e4;
                                                				 *0xFE48545000002A0 = r11d;
                                                				__rdx = 0x1cc;
                                                				 *__rax =  *__rax + __rax;
                                                				__al = __al + bpl;
                                                				 *__rax =  *__rax | __rsp;
                                                				 *((intOrPtr*)(__rbx + __rcx * 4 - 0x43)) =  *((intOrPtr*)(__rbx + __rcx * 4 - 0x43)) + __al;
                                                				_push(__rax);
                                                				 *__rax =  *__rax + __rax;
                                                				 *0xFE4854500000183 =  *((intOrPtr*)(0xfe4854500000183)) + __al;
                                                				asm("fild dword [ebp-0x75]");
                                                				asm("jecxz 0x47");
                                                				__rbp = __rbx;
                                                				__rax =  *__rbx & 0x000000ff;
                                                				__ecx = __r12 + __r12 * 4;
                                                				r13d = r13d + 1;
                                                				__rbx = __rbx + 1;
                                                				r12d = __rax + __rcx * 2;
                                                				__eflags = __rbx - __rdi;
                                                				if (__rbx != __rdi) goto 0xadbe2b;
                                                				__eflags = r13d;
                                                				if (r13d == 0) goto 0xadc538;
                                                				__rax = 0xcccccccd;
                                                				return __eax;
                                                				__rcx = __rcx +  *((intOrPtr*)(__rcx - 0x74b7dbbc));
                                                				asm("enter 0x4489, 0x24");
                                                				__al = __al ^ 0x00000085;
                                                				asm("ror byte [edi], 0x84");
                                                				asm("fild dword [ebx]");
                                                				 *0xcccccccd =  *0xcccccccd + __al;
                                                				__rax = __rcx;
                                                				__rdx = 0x26;
                                                				return __eax;
                                                				 *(__rsp + 0x38) = __rax;
                                                				__rdi = __rax - 1;
                                                				__rax = 0x7ff600a70000;
                                                				__rcx =  *(0x7ff600a70000 + 0xa2bd2 + __rdi * 4) & 0x000000ff;
                                                				__rsi =  *(0x7ff600a70000 + 0xa2bd3 + __rdi * 4) & 0x000000ff;
                                                				__rbx = __rcx;
                                                				__rbx = __rcx << 2;
                                                				__r8 = __rbx;
                                                				__rax = __rsi + __rcx;
                                                				__rcx = __rbp + 0x6c4;
                                                				 *(__rbp + 0x6c0) = __rax;
                                                				__eax = E00007FF67FF600AA7EF0(__eax, r8d, __rbp + 0x6c4, 0x26, __rbx);
                                                				__rcx = 0x7ff600a70000;
                                                				__rsi = __rsi << 2;
                                                				__rax =  *(0x7ff600a70000 + 0xa2bd0 + __rdi * 4) & 0x0000ffff;
                                                				__rdx = 0x7ff600b122c0;
                                                				__rcx = __rbp + 0x6c4;
                                                				__r8 = __rsi;
                                                				__rcx = __rbp + 0x6c4 + __rbx;
                                                				__rdx = 0x7ff600b122c0 + ( *(0x7ff600a70000 + 0xa2bd0 + __rdi * 4) & 0x0000ffff) * 4;
                                                				E00007FF67FF600AA7840();
                                                				r10d =  *(__rbp + 0x6c0);
                                                				__eflags = r10d - 1;
                                                				if (r10d - 1 > 0) goto 0xadc117;
                                                				__rax =  *((intOrPtr*)(__rbp + 0x6c4));
                                                				__rbx = 0;
                                                				__eflags = __rax;
                                                				if (__rax != 0) goto 0xadc067;
                                                				 *(__rbp + 0x890) = 0;
                                                				 *(__rbp + 0x150) = 0;
                                                				r9d = 0;
                                                				__r8 = __rbp + 0x894;
                                                				goto 0xadc355;
                                                				__eflags = __rax - 1;
                                                				if (__rax == 1) goto 0xadc36d;
                                                				__eflags = r15d;
                                                				if (r15d == 0) goto 0xadc36d;
                                                				r8d = __ebx;
                                                				r9d = __ebx;
                                                				__r10 = __rax;
                                                				__edx = r9d;
                                                				r9d = r9d + 1;
                                                				__eax = r8d;
                                                				 *(__rbp + 0x154 + __rdx * 4) =  *(__rbp + 0x154 + __rdx * 4) * __r10;
                                                				__rcx =  *(__rbp + 0x154 + __rdx * 4) * __r10 + __rax;
                                                				__r8 = __rcx;
                                                				 *(__rbp + 0x154 + __rdx * 4) = __rcx;
                                                				__r8 = __rcx >> 0x20;
                                                				__eflags = r9d - r15d;
                                                				if (r9d != r15d) goto 0xadc082;
                                                				__eflags = r8d;
                                                				if (r8d == 0) goto 0xadc366;
                                                				__eflags =  *(__rbp + 0x150) - 0x73;
                                                				if ( *(__rbp + 0x150) - 0x73 >= 0) goto 0xadc0e2;
                                                				__rax =  *(__rbp + 0x150);
                                                				 *(__rbp + 0x154 + __rax * 4) = r8d;
                                                				r15d =  *(__rbp + 0x150);
                                                				r15d = r15d + 1;
                                                				 *(__rbp + 0x150) = r15d;
                                                				goto 0xadc36d;
                                                				r9d = 0;
                                                				 *(__rbp + 0x890) = 0;
                                                				__r8 = __rbp + 0x894;
                                                				 *(__rbp + 0x150) = 0;
                                                				__rdx = 0x1cc;
                                                				 *__rax =  *__rax + __rax;
                                                				__al = __al + bpl;
                                                				__rbx =  *__rsi;
                                                				 *0x548D8D47BD8B468F =  *((intOrPtr*)(0x548d8d47bd8b468f)) + __cl;
                                                				 *__rax =  *__rax + __rax;
                                                				__cl = __cl + bpl;
                                                				__rax = __rax;
                                                				__al = __al +  *__rax;
                                                				 *((intOrPtr*)(__rbp + __rcx * 4 - 0x7b)) =  *((intOrPtr*)(__rbp + __rcx * 4 - 0x7b)) + __cl;
                                                				asm("les eax, [esi]");
                                                				asm("push es");
                                                				 *__rax =  *__rax + __al;
                                                				__rcx = __rbp + 0x154;
                                                				__eflags = r15d - 1;
                                                				if (r15d - 1 > 0) goto 0xadc1f5;
                                                				__rbx =  *((intOrPtr*)(__rbp + 0x154));
                                                				__r9 = __r10;
                                                				__r9 = __r10 << 2;
                                                				__rdx = 0x1cc;
                                                				 *__rax =  *__rax + __rax;
                                                				__al = __al + bpl;
                                                				asm("pop ds");
                                                				_pop(__rsi);
                                                				 *__rax =  *__rax + __al;
                                                				__rdi = 0;
                                                				__eflags = __rbx;
                                                				if (__rbx != 0) goto 0xadc164;
                                                				 *(__rbp + 0x890) = 0;
                                                				 *(__rbp + 0x150) = 0;
                                                				goto 0xadc058;
                                                				r15d =  *(__rbp + 0x150);
                                                				__eflags = __rbx - 1;
                                                				if (__rbx == 1) goto 0xadc36d;
                                                				__eflags = r15d;
                                                				if (r15d == 0) goto 0xadc36d;
                                                				r8d = __edi;
                                                				r9d = __edi;
                                                				__r10 = __rbx;
                                                				__edx = r9d;
                                                				r9d = r9d + 1;
                                                				__eax = r8d;
                                                				 *(__rbp + 0x4256251000000884) =  *(__rbp + 0x4256251000000884) * __r10;
                                                				__rcx =  *(__rbp + 0x4256251000000884) * __r10 + __rax;
                                                				__r8 = __rcx;
                                                				 *(__rbp + 0x4256251000000884) = __rcx;
                                                				__r8 = __rcx >> 0x20;
                                                				__eflags = r9d - r15d;
                                                				if (r9d != r15d) goto 0xadc186;
                                                				__eflags = r8d;
                                                				if (r8d == 0) goto 0xadc366;
                                                				__eflags =  *(__rbp + 0x150) - 0x73;
                                                				if (__eflags < 0) goto 0xadc0be;
                                                				r9d = 0;
                                                				 *(__rbp + 0x890) = 0;
                                                				__r8 = __rbp + 0x894;
                                                				 *(__rbp + 0x150) = 0;
                                                				__rdx = 0x1cc;
                                                				 *__rax =  *__rax + __rax;
                                                				__al = __al + bpl;
                                                				if (__eflags > 0) goto 0xadc248;
                                                				 *__rax =  *__rax + __al;
                                                				__al = dil;
                                                				goto 0xadc10b;
                                                				__eflags = r10d - r15d;
                                                				__rdx = __rbp + 0x6c4;
                                                				__ebx = r15d;
                                                				__rdx =  >=  ? __rcx : __rbp + 0x6c4;
                                                				__ebx =  <  ? r10d : r15d;
                                                				__eax = r8d & 0xffffff00 | r10d - r15d > 0x00000000;
                                                				 *(__rsp + 0x68) = __rdx;
                                                				__rcx = __rbp + 0x154;
                                                				 *(__rsp + 0x30) = __rbx;
                                                				__rcx =  >=  ? __r8 : __rbp + 0x154;
                                                				__eflags = __al;
                                                				r10d =  !=  ? r15d : r10d;
                                                				__rax = 0;
                                                				r9d = 0;
                                                				 *(__rbp + 0x4f0) = 0;
                                                				__eflags = __rbx;
                                                				if (__rbx == 0) goto 0xadc341;
                                                				__r15 =  >=  ? __r8 : __rbp + 0x154;
                                                				__eflags = __rsi;
                                                				if (__rsi != 0) goto 0xadc265;
                                                				__eflags = r9d - __eax;
                                                				if (r9d != __eax) goto 0xadc335;
                                                				 *(__rbp + 0x4f4 + __r9 * 4) =  *(__rbp + 0x4f4 + __r9 * 4) &  *(__rdx + __r9 * 4);
                                                				_t481 = __r9 + 1; // 0x1
                                                				__eax = _t481;
                                                				 *(__rbp + 0x4f0) = 0;
                                                				goto 0xadc335;
                                                				r11d = 0;
                                                				r8d = r9d;
                                                				__eflags = r10d;
                                                				if (r10d == 0) goto 0xadc326;
                                                				__ebx = r9d;
                                                				__rbx =  ~__rbx;
                                                				__eflags = r8d - 0x73;
                                                				if (r8d == 0x73) goto 0xadc2d5;
                                                				__edi = r8d;
                                                				__eflags = r8d - _t481;
                                                				if (r8d != _t481) goto 0xadc299;
                                                				 *(__rbp + 0x4f4) =  *(__rbp + 0x4f4) & 0x00000000;
                                                				_t489 = __r8 + 1; // 0x1
                                                				__eax = _t489;
                                                				 *(__rbp + 0x4f0) = 0;
                                                				__eax = __rbx + __r8;
                                                				r8d = r8d + 1;
                                                				__edx =  *__r15;
                                                				__rax =  *(__rbp + 0x4f4);
                                                				__rdx = __rdx * __rsi;
                                                				__rdx = __rdx + __rax;
                                                				__eax = r11d;
                                                				__rdx = __rdx + __rax;
                                                				__eax = __rbx + __r8;
                                                				__r11 = __rdx;
                                                				 *(__rbp + 0x4f4) = __rdx;
                                                				__r11 = __rdx >> 0x20;
                                                				__eflags = __eax - r10d;
                                                				__rax =  *(__rbp + 0x4f0);
                                                				if (__eax != r10d) goto 0xadc279;
                                                				__eflags = r11d;
                                                				if (r11d == 0) goto 0xadc322;
                                                				__eflags = r8d - 0x73;
                                                				if (r8d == 0x73) goto 0xadc322;
                                                				__edx = r8d;
                                                				__eflags = r8d - __eax;
                                                				if (r8d != __eax) goto 0xadc2fa;
                                                				 *(__rbp + 0x4f4 + __rdx * 4) =  *(__rbp + 0x4f4 + __rdx * 4) & 0x00000000;
                                                				_t508 = __r8 + 1; // 0x2
                                                				__eax = _t508;
                                                				 *(__rbp + 0x4f0) = __rax;
                                                				__rcx =  *(__rbp + 0x4f4 + __rdx * 4);
                                                				r8d = r8d + 1;
                                                				__eax = r11d;
                                                				__rcx =  *(__rbp + 0x4f4 + __rdx * 4) + __rax;
                                                				 *(__rbp + 0x4f4 + __rdx * 4) = __rcx;
                                                				__rax =  *(__rbp + 0x4f0);
                                                				__rcx = __rcx >> 0x20;
                                                				r11d = __r12 + __r12 * 4;
                                                				__eflags = __rcx;
                                                				if (__rcx != 0) goto 0xadc2da;
                                                				__rbx =  *(__rsp + 0x30);
                                                				__eflags = r8d - 0x73;
                                                				if (r8d == 0x73) goto 0xadc430;
                                                				__rdx =  *(__rsp + 0x68);
                                                				r9d = r9d + 1;
                                                				__eflags = r9d - __ebx;
                                                				if (r9d != __ebx) goto 0xadc23d;
                                                				r9d = __eax;
                                                				__r8 = __rbp + 0x4f4;
                                                				__r9 = __r9 << 2;
                                                				 *(__rbp + 0x150) = __rax;
                                                				__rdx = 0x1cc;
                                                				 *__rax =  *__rax + __rax;
                                                				__al = __al + bpl;
                                                				asm("push es");
                                                				_pop(__rsp);
                                                				 *__rax =  *__rax + __al;
                                                				r15d =  *(__rbp + 0x150);
                                                				__al = 1;
                                                				r11d = 0;
                                                				__eflags = 1;
                                                				if (1 == 0) goto 0xadc46b;
                                                				__rcx =  *(__rsp + 0x34);
                                                				__rcx =  *(__rsp + 0x34) -  *(__rsp + 0x38);
                                                				 *(__rsp + 0x34) = __rcx;
                                                				if (1 != 0) goto 0xadbfb5;
                                                				__rax =  *(__rsp + 0x48);
                                                				 *(__rsp + 0x48) +  *(__rsp + 0x48) * 4 =  *(__rsp + 0x48) +  *(__rsp + 0x48) * 4 +  *(__rsp + 0x48) +  *(__rsp + 0x48) * 4;
                                                				r13d = r13d - __eax;
                                                				if (1 == 0) goto 0xadc49e;
                                                				_t528 = __r13 - 1; // 0x0
                                                				__ecx = _t528;
                                                				__rax = 0x7ff600a70000;
                                                				__rax =  *((intOrPtr*)(0x7ff600a70000 + 0xa2c68 + __rcx * 4));
                                                				__eflags = 0x7ff600a70000;
                                                				if (0x7ff600a70000 == 0) goto 0xadc46b;
                                                				__eflags = 0x7ff600a70000 - 1;
                                                				if (0x7ff600a70000 == 1) goto 0xadc49e;
                                                				__eflags = r15d;
                                                				if (r15d == 0) goto 0xadc49e;
                                                				r8d = r11d;
                                                				r9d = r11d;
                                                				r10d = __eax;
                                                				__edx = r9d;
                                                				r9d = r9d + 1;
                                                				__eax = r8d;
                                                				 *(__rbp + 0x5236352000000884) =  *(__rbp + 0x5236352000000884) * __r10;
                                                				__rcx =  *(__rbp + 0x5236352000000884) * __r10 + __rax;
                                                				__r8 = __rcx;
                                                				 *(__rbp + 0x5236352000000884) = __rcx;
                                                				__r8 = __rcx >> 0x20;
                                                				__eflags = r9d - r15d;
                                                				if (r9d != r15d) goto 0xadc3d3;
                                                				__eflags = r8d;
                                                				if (r8d == 0) goto 0xadc497;
                                                				__eflags =  *(__rbp + 0x150) - 0x73;
                                                				if ( *(__rbp + 0x150) - 0x73 >= 0) goto 0xadc46b;
                                                				__rax =  *(__rbp + 0x150);
                                                				 *(__rbp + 0x154 + __rax * 4) = r8d;
                                                				r15d =  *(__rbp + 0x150);
                                                				r15d = r15d + 1;
                                                				 *(__rbp + 0x150) = r15d;
                                                				goto 0xadc49e;
                                                				 *(__rbp + 0x890) =  *(__rbp + 0x890) & 0x00000000;
                                                				__r8 = __rbp + 0x894;
                                                				 *(__rbp + 0x150) =  *(__rbp + 0x150) & 0x00000000;
                                                				__rcx = __rbp + 0x154;
                                                				r9d = 0;
                                                				__rdx = 0x1cc;
                                                				 *((intOrPtr*)(__rbx + __rcx * 4 - 0x43)) =  *((intOrPtr*)(__rbx + __rcx * 4 - 0x43)) + 1;
                                                				_push(__rax);
                                                				 *__rax =  *__rax + __rax;
                                                				 *((intOrPtr*)(__rbp + 0x33)) =  *((intOrPtr*)(__rbp + 0x33)) + 1;
                                                				asm("fild dword [ecx-0x76]");
                                                				return r8d;
                                                				goto 0xadc372;
                                                				r9d = 0;
                                                				 *(__rbp + 0x890) = r11d;
                                                				__r8 = __rbp + 0x894;
                                                				 *(__rbp + 0x150) = r11d;
                                                				__rdx = 0x1cc;
                                                				 *__rax =  *__rax + __rax;
                                                				__al = 1 + bpl;
                                                				asm("fcomp dword [edx]");
                                                				 *((intOrPtr*)(__rbp + 0x33)) =  *((intOrPtr*)(__rbp + 0x33)) + 1;
                                                				asm("fild dword [ebx+ecx*4-0x43]");
                                                				 *__rax =  *__rax + __rax;
                                                				 *((intOrPtr*)(__rbp - 0x7b)) =  *((intOrPtr*)(__rbp - 0x7b)) + 1;
                                                				asm("in al, 0xf");
                                                				__eflags =  *(__rcx + 0x45000000) & __dl;
                                                				__rax = __rbx;
                                                				__eflags = r15d;
                                                				if (r15d == 0) goto 0xadc4dc;
                                                				__ecx = r8d;
                                                				r8d = r8d + 1;
                                                				__eax = r12d;
                                                				__rdx =  *(__rbp + 0x154 + __rcx * 4);
                                                				__rdx =  *(__rbp + 0x154 + __rcx * 4) + __rax;
                                                				 *(__rbp + 0x154 + __rcx * 4) = __rdx;
                                                				r15d =  *(__rbp + 0x150);
                                                				__rdx = __rdx >> 0x20;
                                                				r12d = r9d;
                                                				__eflags = r8d - r15d;
                                                				if (r8d != r15d) goto 0xadc4af;
                                                				__eflags = r12d;
                                                				if (r12d == 0) goto 0xadc538;
                                                				__eflags = r15d - 0x73;
                                                				if (r15d - 0x73 >= 0) goto 0xadc505;
                                                				__eax = r15d;
                                                				 *(__rbp + 0x154 + __rax * 4) = r12d;
                                                				r15d =  *(__rbp + 0x150);
                                                				r15d = r15d + 1;
                                                				 *(__rbp + 0x150) = r15d;
                                                				goto 0xadc538;
                                                				r9d = 0;
                                                				 *(__rbp + 0x890) = r11d;
                                                				__r8 = __rbp + 0x894;
                                                				 *(__rbp + 0x150) = r11d;
                                                				__rdx = 0x1cc;
                                                				 *__rax =  *__rax + __rax;
                                                				__al = 1 + bpl + bpl;
                                                				__rdx = __rax;
                                                				 *__rax =  *__rax + 1;
                                                				r15d =  *(__rbp + 0x150);
                                                				r11d = 0;
                                                				__rax =  *((intOrPtr*)(__rsp + 0x58));
                                                				r13d = 1;
                                                				r12d =  *(__rsp + 0x40);
                                                				 *((long long*)(__rbp + 0x4f4)) = 1;
                                                				 *(__rsp + 0x30) = r13d;
                                                				r12d = r12d -  *__rax;
                                                				__eflags =  *__rax - r11d;
                                                				__rax = 0xcccccccd;
                                                				__al = 1 + bpl + bpl;
                                                				 *((intOrPtr*)(0 + __rcx + 0x4d)) =  *((intOrPtr*)(0 + __rcx + 0x4d)) + 1;
                                                				__al = 0x00000001 + bpl + bpl & 0x00000040;
                                                				__edx = __eax * r12d >> 0x20;
                                                				__eax = __eax * r12d;
                                                				0x1cc = 0x1cc >> 3;
                                                				 *(__rsp + 0x38) = 0x1cc >> 3;
                                                				__rcx = 0x1cc >> 3;
                                                				 *(__rsp + 0x34) = 0x1cc >> 3;
                                                				__eflags = 0x1cc >> 3;
                                                				if (0x1cc >> 3 == 0) goto 0xadc9c3;
                                                				__rax = 0x1cc >> 3;
                                                				__rdx = 0x26;
                                                				return __eax;
                                                				 *(__rsp + 0x48) = 0x1cc >> 3;
                                                				__rdi = 0xbadbac;
                                                				__rax = 0x7ff600a70000;
                                                				__rcx =  *0x7FF6039C9A82 & 0x000000ff;
                                                				__rsi =  *0x7FF6039C9A83 & 0x000000ff;
                                                				__rbx = __rcx;
                                                				__rbx = __rcx << 2;
                                                				__r8 = __rbx;
                                                				__rax = __rsi + __rcx;
                                                				_t610 = __rbp + 0x894; // 0x895
                                                				__rcx = _t610;
                                                				 *(__rbp + 0x890) = __rax;
                                                				__eax = E00007FF67FF600AA7EF0(__eax, __edx, _t610, 0x26, __rbx);
                                                				__rcx = 0x7ff600a70000;
                                                				__rsi = __rsi << 2;
                                                				__rax =  *0x7FF6039C9A80 & 0x0000ffff;
                                                				__rdx = 0x7ff600b122c0;
                                                				_t617 = __rbp + 0x894; // 0x895
                                                				__rcx = _t617;
                                                				__r8 = __rsi;
                                                				__rcx = _t617 + __rbx;
                                                				__rdx = 0x7ff600b122c0 + ( *0x7FF6039C9A80 & 0x0000ffff) * 4;
                                                				E00007FF67FF600AA7840();
                                                				r10d =  *(__rbp + 0x890);
                                                				__eflags = r10d - 1;
                                                				if (r10d - 1 > 0) goto 0xadc706;
                                                				__rax =  *((intOrPtr*)(__rbp + 0x894));
                                                				__rbx = 0;
                                                				__eflags = __rax;
                                                				if (__rax != 0) goto 0xadc660;
                                                				r9d = 0;
                                                				 *(__rbp + 0x6c0) = 0;
                                                				_t623 = __rbp + 0x6c4; // 0x6c5
                                                				__r8 = _t623;
                                                				 *(__rbp + 0x4f0) = 0;
                                                				__rdx = 0x1cc;
                                                				0x00000001 + bpl + bpl & 0x00000040 = (0x00000001 + bpl + bpl & 0x00000040) + bpl;
                                                				__al = (0x00000001 + bpl + bpl & 0x00000040) + bpl & 0x00000059;
                                                				 *__rax =  *__rax + ((0x00000001 + bpl + bpl & 0x00000040) + bpl & 0x00000059);
                                                				r13d =  *(__rbp + 0x4f0);
                                                				 *(__rsp + 0x30) = r13d;
                                                				__al = 1;
                                                				__rsi = 0x1cc;
                                                				 *0xFFFFFFFFEF7401F8 =  *((intOrPtr*)(0xffffffffef7401f8)) + 1;
                                                				__eflags = r13d;
                                                				if (r13d == 0) goto 0xadc654;
                                                				r8d = __ebx;
                                                				r9d = __ebx;
                                                				__r10 = __rax;
                                                				__edx = r9d;
                                                				r9d = r9d + 1;
                                                				__eax = r8d;
                                                				 *(__rbp + 0xd236352000000c24) =  *(__rbp + 0xd236352000000c24) * __r10;
                                                				__rcx =  *(__rbp + 0xd236352000000c24) * __r10 + __rax;
                                                				__r8 = __rcx;
                                                				 *(__rbp + 0xd236352000000c24) = __rcx;
                                                				__r8 = __rcx >> 0x20;
                                                				__eflags = r9d - r13d;
                                                				if (r9d != r13d) goto 0xadc673;
                                                				__eflags = r8d;
                                                				if (r8d == 0) goto 0xadc648;
                                                				__eflags =  *(__rbp + 0x4f0) - 0x73;
                                                				if (__eflags >= 0) goto 0xadc6cc;
                                                				__rax =  *(__rbp + 0x4f0);
                                                				 *(__rbp + 0x4f4 + __rax * 4) = r8d;
                                                				r13d =  *(__rbp + 0x4f0);
                                                				r13d = r13d + 1;
                                                				 *(__rbp + 0x4f0) = r13d;
                                                				goto 0xadc64f;
                                                				r9d = 0;
                                                				 *(__rbp + 0x890) = 0;
                                                				_t643 = __rbp + 0x894; // 0x895
                                                				__r8 = _t643;
                                                				 *(__rbp + 0x4f0) = 0;
                                                				__rdx = 0x1cc;
                                                				1 = 1 + bpl;
                                                				if (__eflags >= 0) goto 0xadc749;
                                                				 *__rax =  *__rax + 1 + bpl;
                                                				r13d =  *(__rbp + 0x4f0);
                                                				__al = __bl;
                                                				 *(__rsp + 0x30) = r13d;
                                                				goto 0xadc656;
                                                				_t647 = __rbp + 0x894; // 0x895
                                                				__r8 = _t647;
                                                				_t648 = __rbp + 0x4f4; // 0x4f5
                                                				__rcx = _t648;
                                                				__eflags = r13d - 1;
                                                				if (r13d - 1 > 0) goto 0xadc81f;
                                                				__rbx =  *((intOrPtr*)(__rbp + 0x4f4));
                                                				__r9 = __r10;
                                                				__rsi = 0x1cc;
                                                				__rdx = 0x1cc;
                                                				 *(__rbp + 0x4f0) = r10d;
                                                				__eax = E00007FF67FF600AE1F6C(__rax, __rbx, _t648, 0x1cc, 0x1cc, _t647, __r9);
                                                				__rdi = 0;
                                                				__eflags = __rbx;
                                                				if (__rbx != 0) goto 0xadc75f;
                                                				 *(__rbp + 0x890) = 0;
                                                				_t652 = __rbp + 0x894; // 0x895
                                                				__r8 = _t652;
                                                				 *(__rbp + 0x4f0) = 0;
                                                				r9d = 0;
                                                				goto 0xadc985;
                                                				r13d =  *(__rbp + 0x4f0);
                                                				 *(__rsp + 0x30) = r13d;
                                                				__eflags = __rbx - 1;
                                                				if (__rbx == 1) goto 0xadc9a0;
                                                				__eflags = r13d;
                                                				if (r13d == 0) goto 0xadc9a0;
                                                				r8d = __edi;
                                                				r9d = __edi;
                                                				__r10 = __rbx;
                                                				__edx = r9d;
                                                				r9d = r9d + 1;
                                                				__eax = r8d;
                                                				 *(__rbp + 0x4f4 + __rdx * 4) =  *(__rbp + 0x4f4 + __rdx * 4) * __rbx;
                                                				__rcx =  *(__rbp + 0x4f4 + __rdx * 4) * __rbx + __rax;
                                                				__r8 = __rcx;
                                                				 *(__rbp + 0x4f4 + __rdx * 4) = __rcx;
                                                				__r8 = __rcx >> 0x20;
                                                				__eflags = r9d - r13d;
                                                				if (r9d != r13d) goto 0xadc786;
                                                				__eflags = r8d;
                                                				if (r8d == 0) goto 0xadc994;
                                                				__eflags =  *(__rbp + 0x4f0) - 0x73;
                                                				if ( *(__rbp + 0x4f0) - 0x73 >= 0) goto 0xadc7e6;
                                                				__rax =  *(__rbp + 0x4f0);
                                                				 *(__rbp + 0x4f4 + __rax * 4) = r8d;
                                                				r13d =  *(__rbp + 0x4f0);
                                                				r13d = r13d + 1;
                                                				 *(__rbp + 0x4f0) = r13d;
                                                				goto 0xadc99b;
                                                				r9d = 0;
                                                				 *(__rbp + 0x890) = 0;
                                                				_t670 = __rbp + 0x894; // 0x895
                                                				__r8 = _t670;
                                                				 *(__rbp + 0x4f0) = 0;
                                                				__rdx = __rsi;
                                                				_t672 = __rbp + 0x4f4; // 0x4f5
                                                				__rcx = _t672;
                                                				__eax = E00007FF67FF600AE1F6C(__rax, __rbx, __rcx, __rsi, __rsi, __r8, __r9);
                                                				r13d =  *(__rbp + 0x4f0);
                                                				__al = dil;
                                                				 *(__rsp + 0x30) = r13d;
                                                				goto 0xadc9a2;
                                                				__eflags = r10d - r13d;
                                                				_t675 = __rbp + 0x894; // 0x895
                                                				__rdx = _t675;
                                                				__ebx = r13d;
                                                				__rdx =  >=  ? __rcx : _t675;
                                                				__ebx =  <  ? r10d : r13d;
                                                				__eax = __eax & 0xffffff00 | r10d - r13d > 0x00000000;
                                                				 *(__rsp + 0x68) = __rdx;
                                                				_t679 = __rbp + 0x4f4; // 0x4f5
                                                				__rcx = _t679;
                                                				 *(__rsp + 0x30) = __rbx;
                                                				__rcx =  >=  ? __r8 : _t679;
                                                				__eflags = __al;
                                                				r10d =  !=  ? r13d : r10d;
                                                				__rax = 0;
                                                				r9d = 0;
                                                				 *(__rbp + 0x6c0) = 0;
                                                				__eflags = __rbx;
                                                				if (__rbx == 0) goto 0xadc96c;
                                                				__r13 = __rcx;
                                                				__eflags = __rsi;
                                                				if (__rsi != 0) goto 0xadc88f;
                                                				__eflags = r9d - __eax;
                                                				if (r9d != __eax) goto 0xadc960;
                                                				 *(__rbp + 0x6c4 + __r9 * 4) =  *(__rbp + 0x6c4 + __r9 * 4) &  *(__rdx + __r9 * 4);
                                                				_t690 = __r9 + 1; // 0x1
                                                				__eax = _t690;
                                                				 *(__rbp + 0x6c0) = 0;
                                                				goto 0xadc960;
                                                				r11d = 0;
                                                				r8d = r9d;
                                                				__eflags = r10d;
                                                				if (r10d == 0) goto 0xadc951;
                                                				__ebx = r9d;
                                                				__rbx =  ~__rbx;
                                                				__eflags = r8d - 0x73;
                                                				if (r8d == 0x73) goto 0xadc900;
                                                				__edi = r8d;
                                                				__eflags = r8d - _t690;
                                                				if (r8d != _t690) goto 0xadc8c3;
                                                				 *(__rbp + 0x6c4) =  *(__rbp + 0x6c4) & 0x00000000;
                                                				_t698 = __r8 + 1; // 0x1
                                                				__eax = _t698;
                                                				 *(__rbp + 0x6c0) = 0;
                                                				__eax = __rbx + __r8;
                                                				r8d = r8d + 1;
                                                				__edx =  *__r13;
                                                				__eax = r11d;
                                                				__rdx = __rdx * __rsi;
                                                				__rdx = __rdx;
                                                				__rax =  *(__rbp + 0x6c4);
                                                				__rdx = __rdx +  *(__rbp + 0x6c4);
                                                				__eax = __rbx + __r8;
                                                				__r11 = __rdx;
                                                				 *(__rbp + 0x6c4) = __rdx;
                                                				__r11 = __rdx >> 0x20;
                                                				__eflags = __eax - r10d;
                                                				__rax =  *(__rbp + 0x6c0);
                                                				if (__eax != r10d) goto 0xadc8a3;
                                                				__eflags = r11d;
                                                				if (r11d == 0) goto 0xadc94d;
                                                				__eflags = r8d - 0x73;
                                                				if (r8d == 0x73) goto 0xadc94d;
                                                				__edx = r8d;
                                                				__eflags = r8d - __eax;
                                                				if (r8d != __eax) goto 0xadc925;
                                                				 *(__rbp + 0x6c4 + __rdx * 4) =  *(__rbp + 0x6c4 + __rdx * 4) & 0x00000000;
                                                				_t717 = __r8 + 1; // 0x2
                                                				__eax = _t717;
                                                				__rax =  *(__rbp + 0x6c4 + __rdx * 4);
                                                				r8d = r8d + 1;
                                                				__ecx = r11d;
                                                				__rcx = __rcx +  *(__rbp + 0x6c4 + __rdx * 4);
                                                				 *(__rbp + 0x6c4 + __rdx * 4) = __rcx;
                                                				__rax =  *(__rbp + 0x6c0);
                                                				__rcx = __rcx >> 0x20;
                                                				__eflags = __rcx;
                                                				if (__rcx != 0) goto 0xadc905;
                                                				__rbx =  *(__rsp + 0x30);
                                                				__eflags = r8d - 0x73;
                                                				if (r8d == 0x73) goto 0xadca2b;
                                                				__rdx =  *(__rsp + 0x68);
                                                				r9d = r9d + 1;
                                                				__eflags = r9d - r9d;
                                                				if (r9d != r9d) goto 0xadc867;
                                                				r9d = _t717;
                                                				_t728 = __rbp + 0x6c4; // 0x6c5
                                                				__r8 = _t728;
                                                				__r9 = __r9 << 2;
                                                				__rsi = 0x1cc;
                                                				 *__rax =  *__rax + __al;
                                                				__rdx = 0x1cc;
                                                				_t729 = __rbp + 0x4f4; // 0x4f5
                                                				__rcx = _t729;
                                                				__eax = E00007FF67FF600AE1F6C(__rax, __rbx, _t729, 0x1cc, 0x1cc, _t728, __r9);
                                                				r13d =  *(__rbp + 0x4f0);
                                                				 *(__rsp + 0x30) = r13d;
                                                				__al = 1;
                                                				r11d = 0;
                                                				__eflags = 1;
                                                				if (1 == 0) goto 0xadca67;
                                                				__rcx =  *(__rsp + 0x34);
                                                				__rcx =  *(__rsp + 0x34) -  *(__rsp + 0x48);
                                                				 *(__rsp + 0x34) = __rcx;
                                                				if (1 != 0) goto 0xadc58a;
                                                				__rax =  *(__rsp + 0x38);
                                                				 *(__rsp + 0x38) +  *(__rsp + 0x38) * 4 =  *(__rsp + 0x38) +  *(__rsp + 0x38) * 4 +  *(__rsp + 0x38) +  *(__rsp + 0x38) * 4;
                                                				r12d = r12d - __eax;
                                                				if (1 == 0) goto 0xadca17;
                                                				__ecx = __r12 - 1;
                                                				__rax = 0x7ff600a70000;
                                                				__rax =  *((intOrPtr*)(0x7ff600a70000 + 0xa2c68 + __rcx * 4));
                                                				__eflags = 0x7ff600a70000;
                                                				if (0x7ff600a70000 != 0) goto 0xadca6c;
                                                				r9d = 0;
                                                				 *(__rbp - 0x80) = r11d;
                                                				_t744 = __rbp - 0x7c; // -123
                                                				__r8 = _t744;
                                                				 *(__rbp + 0x4f0) = r11d;
                                                				__rdx = 0x1cc;
                                                				1 = 1 + bpl;
                                                				asm("popad");
                                                				 *((intOrPtr*)(0x7ff600a70000)) =  *((intOrPtr*)(0x7ff600a70000)) + 1 + bpl;
                                                				r13d =  *(__rbp + 0x4f0);
                                                				 *(__rsp + 0x30) = r13d;
                                                				r11d = 0;
                                                				__eflags = r15d;
                                                				if (r15d != 0) goto 0xadcb58;
                                                				__edx = r11d;
                                                				goto 0xadcb77;
                                                				 *(__rbp - 0x80) =  *(__rbp - 0x80) & 0x00000000;
                                                				_t750 = __rbp - 0x7c; // -123
                                                				__r8 = _t750;
                                                				 *(__rbp + 0x4f0) =  *(__rbp + 0x4f0) & 0x00000000;
                                                				_t753 = __rbp + 0x4f4; // 0x4f5
                                                				__rcx = _t753;
                                                				__rsi = 0x1cc;
                                                				asm("salc");
                                                				__eax = E00007FF67FF600AE1F6C(__rax, __rbx, _t753, 0x1cc, 0x1cc, _t750, __r9, __rbp);
                                                				r13d =  *(__rbp + 0x4f0);
                                                				r11d = 0;
                                                				__al = r11b;
                                                				 *(__rsp + 0x30) = r13d;
                                                				goto 0xadc9a5;
                                                				__rdx = __rsi;
                                                				goto 0xadcae4;
                                                				__eflags = 0x7ff600a70000 - 1;
                                                				if (0x7ff600a70000 == 1) goto 0xadca17;
                                                				__eflags = r13d;
                                                				if (r13d == 0) goto 0xadca17;
                                                				r8d = r11d;
                                                				r9d = r11d;
                                                				__r10 = 0x7ff600a70000;
                                                				__edx = r9d;
                                                				r9d = r9d + 1;
                                                				__eax = r8d;
                                                				 *(__rbp + 0x4f4 + __rdx * 4) =  *(__rbp + 0x4f4 + __rdx * 4) * 0x7ff600a70000;
                                                				__rcx =  *(__rbp + 0x4f4 + __rdx * 4) * 0x7ff600a70000 + __rax;
                                                				__r8 = __rcx;
                                                				 *(__rbp + 0x4f4 + __rdx * 4) = __rcx;
                                                				__r8 = __rcx >> 0x20;
                                                				__eflags = r9d - r13d;
                                                				if (r9d != r13d) goto 0xadca7f;
                                                				__eflags = r8d;
                                                				if (r8d == 0) goto 0xadca0b;
                                                				__eflags =  *(__rbp + 0x4f0) - 0x73;
                                                				if ( *(__rbp + 0x4f0) - 0x73 >= 0) goto 0xadcadf;
                                                				__rax =  *(__rbp + 0x4f0);
                                                				 *(__rbp + 0x4f4 + __rax * 4) = r8d;
                                                				r13d =  *(__rbp + 0x4f0);
                                                				r13d = r13d + 1;
                                                				 *(__rbp + 0x4f0) = r13d;
                                                				goto 0xadca12;
                                                				__rdx = 0x1cc;
                                                				 *(__rbp - 0x80) = __rbx;
                                                				_t770 = __rbp - 0x7c; // -123
                                                				__r8 = _t770;
                                                				 *(__rbp + 0x4f0) = r11d;
                                                				_t772 = __rbp + 0x4f4; // 0x4f5
                                                				__rcx = _t772;
                                                				__eax = E00007FF67FF600AE1F6C(__rax, __rbx, _t772, 0x1cc, __rsi, __r8, __r9);
                                                				__rax =  *((intOrPtr*)(__rsp + 0x58));
                                                				__bl =  *( *((intOrPtr*)(__rsp + 0x58)) + 0x308);
                                                				__rax =  *((intOrPtr*)(__rsp + 0x60));
                                                				__rcx = __rax;
                                                				__eflags =  *((char*)(__rax + 8));
                                                				if ( *((char*)(__rax + 8)) == 0) goto 0xadcb3a;
                                                				__eax = E00007FF67FF600ADAB20(__eax, __rcx);
                                                				__bl =  ~( *( *((intOrPtr*)(__rsp + 0x58)) + 0x308));
                                                				__rdx = 0;
                                                				asm("dec eax");
                                                				__rcx = __rcx & 0x00000000;
                                                				__rcx = __rcx & 0x00000000;
                                                				 *__rax = __rcx;
                                                				goto 0xadcb4e;
                                                				__eax = E00007FF67FF600ADAB5C(__eax, __rcx);
                                                				__bl =  ~( ~( *( *((intOrPtr*)(__rsp + 0x58)) + 0x308)));
                                                				__rdx = 0x80000000;
                                                				__rcx = __rcx & 0x80000000;
                                                				 *__rax = __rcx;
                                                				__rax = 0x2;
                                                				 *((intOrPtr*)(__rcx - 0x73)) =  *((intOrPtr*)(__rcx - 0x73)) + __al;
                                                				 *((long long*)(__rcx + 0x5c + __rcx * 4)) =  *((long long*)(__rcx + 0x5c + __rcx * 4)) + 1;
                                                				__al = __al & 0x00000048;
                                                				asm("bsr eax, [ebp+edx*4+0x154]");
                                                				if (__eflags == 0) goto 0xadcb6f;
                                                				__rax = 0x459e900000003;
                                                				goto 0xadcb72;
                                                				__eax = r11d;
                                                				0x80000000 << 5 = 0x459e900badbaf;
                                                				__eflags = r13d;
                                                				if (__eflags != 0) goto 0xadcb81;
                                                				__ecx = r11d;
                                                				goto 0xadcba0;
                                                				_t785 = __r13 - 1; // -1
                                                				__ecx = _t785;
                                                				 *(__rsp + 0x48) = r11d;
                                                				asm("bsr eax, [ebp+ecx*4+0x4f4]");
                                                				if (__eflags == 0) goto 0xadcb98;
                                                				__rax = 0x459e900000004;
                                                				goto 0xadcb9b;
                                                				__eax = r11d;
                                                				__rcx = __rcx << 5;
                                                				__rcx = __rcx + 0x459e900000004;
                                                				__rax = __rcx;
                                                				r8d = 0xffffffff;
                                                				__rax = __rcx - 0x80000000;
                                                				r12d = 0x20;
                                                				__eflags = 0x459e900badbaf - __rcx;
                                                				asm("sbb ebx, ebx");
                                                				__rbx = __rbx & __rax;
                                                				 *(__rsp + 0x40) = __rbx;
                                                				if (__eflags <= 0) goto 0xadcd10;
                                                				__eax = r12d;
                                                				 *(__rsp + 0x34) = r11d;
                                                				__rsi = __rbx;
                                                				__edi = __r12 - 0x1f;
                                                				__rsi = __rbx & 0x0000001f;
                                                				r8d = __ebx;
                                                				__rax = __rax - __rsi;
                                                				r8d = r8d >> 5;
                                                				__rcx = __rax;
                                                				 *(__rsp + 0x48) = __rax;
                                                				0 << __cl = (0 << __cl) - 1;
                                                				__rax = (0 << __cl) - 1;
                                                				__rax =  !((0 << __cl) - 1);
                                                				 *(__rsp + 0x38) = __rax;
                                                				_t792 = __r15 - 1; // -1
                                                				__eax = _t792;
                                                				asm("bsr ecx, [ebp+eax*4+0x154]");
                                                				if (__eflags == 0) goto 0xadcc00;
                                                				__rcx = __rcx + 1;
                                                				goto 0xadcc03;
                                                				__ecx = r11d;
                                                				__eax = __r15 + __r8;
                                                				__eflags = __rax - 0x73;
                                                				if (__rax - 0x73 <= 0) goto 0xadcc3e;
                                                				r9d = 0;
                                                				 *(__rbp - 0x80) = r11d;
                                                				_t795 = __rbp - 0x7c; // -123
                                                				__r8 = _t795;
                                                				 *(__rbp + 0x150) = r11d;
                                                				__rdx = 0x1cc;
                                                				 *__rax =  *__rax + __rax;
                                                				__al = __al + bpl;
                                                				__eflags = __rax - 0x44000053;
                                                				__rdi =  *(__rbp + 0x150);
                                                				r11d = 0;
                                                				goto 0xadcd0a;
                                                				__edx = r11d;
                                                				__eax = r12d;
                                                				__rax = __rax - __rcx;
                                                				__eflags = __rsi - __rax;
                                                				r11d & 0xffffff00 | __rsi - __rax > 0x00000000 = (r11d & 0xffffff00 | __rsi - __rax > 0x00000000) + r8d;
                                                				__edx = (r11d & 0xffffff00 | __rsi - __rax > 0x00000000) + r8d + r15d;
                                                				 *(__rsp + 0x34) = 0x1cc;
                                                				__eflags = 0x1cc - 0x73;
                                                				if (0x1cc - 0x73 > 0) goto 0xadcc0c;
                                                				__eax = __r8 - 1;
                                                				_t802 = __rdx - 1; // -1
                                                				r11d = _t802;
                                                				__eflags = r11d - __r8 - 1;
                                                				if (r11d == __r8 - 1) goto 0xadcce5;
                                                				__rbx =  *(__rsp + 0x48);
                                                				r12d = __r8 - 1;
                                                				__rdx =  *(__rsp + 0x38);
                                                				r13d = 0xffffffff;
                                                				__eax = r11d;
                                                				__eax = r11d - r8d;
                                                				_t806 = __rax - 1; // -2
                                                				__rcx = _t806;
                                                				__eflags = __eax - r15d;
                                                				if (__eax - r15d >= 0) goto 0xadcc91;
                                                				r10d =  *(__rbp + 0x154 + __rax * 4);
                                                				goto 0xadcc94;
                                                				r10d = 0;
                                                				__eflags = r11d - r15d;
                                                				if (r11d - r15d >= 0) goto 0xadcca3;
                                                				r9d =  *(__rbp + 0x154 + _t806 * 4);
                                                				goto 0xadcca6;
                                                				r9d = 0;
                                                				r9d = r9d & __edx;
                                                				__rcx =  *(__rsp + 0x48);
                                                				r9d = r9d >> __cl;
                                                				r10d = r10d & __edi;
                                                				__rcx = __rsi;
                                                				r10d = r10d << __cl;
                                                				r9d = r9d | r10d;
                                                				 *(__rbp + 0x154 + __r11 * 4) = r9d;
                                                				r11d = r11d + r13d;
                                                				__eflags = r11d - r12d;
                                                				if (r11d == r12d) goto 0xadccd2;
                                                				r15d =  *(__rbp + 0x150);
                                                				goto 0xadcc79;
                                                				r13d =  *(__rsp + 0x30);
                                                				r12d = 0x20;
                                                				__rdx =  *(__rsp + 0x34);
                                                				__rbx =  *(__rsp + 0x40);
                                                				r11d = 0;
                                                				__ecx = r11d;
                                                				__eflags = r8d;
                                                				if (r8d == 0) goto 0xadcd01;
                                                				__rax = __rcx;
                                                				__rcx = __rcx + 1;
                                                				 *(__rbp + 0x154 + __rax * 4) = r11d;
                                                				__eflags = __ecx - r8d;
                                                				if (__ecx != r8d) goto 0xadccf0;
                                                				r15d = __edx;
                                                				 *(__rbp + 0x150) =  *(__rsp + 0x34);
                                                				r8d = 0xffffffff;
                                                				__rax =  *(__rsp + 0x50);
                                                				__rdi =  *(__rsp + 0x3c);
                                                				__rax =  *(__rsp + 0x50) - __rdi;
                                                				 *(__rsp + 0x50) = __rax;
                                                				r10d = __eax;
                                                				__eflags = __rdi;
                                                				if (__rdi == 0) goto 0xadcd40;
                                                				__eflags = __rbx - __rax;
                                                				if (__rbx - __rax <= 0) goto 0xadcd3d;
                                                				__rdx =  *((intOrPtr*)(__rsp + 0x60));
                                                				r9b = 1;
                                                				 *((long long*)(__rsp + 0x20)) =  *((intOrPtr*)(__rsp + 0x60));
                                                				__rdx = __rdi;
                                                				goto 0xadcf99;
                                                				r10d = r10d - __ebx;
                                                				__eflags = r15d - r13d;
                                                				if (__eflags > 0) goto 0xadcd84;
                                                				if (__eflags >= 0) goto 0xadcd4b;
                                                				__cl = 1;
                                                				goto 0xadcd87;
                                                				_t829 = __r15 - 1; // -1
                                                				__edx = _t829;
                                                				__eflags = __edx - r8d;
                                                				if (__edx == r8d) goto 0xadcd84;
                                                				__rax =  *(__rbp + 0x4f4 + __rdx * 4);
                                                				__eflags =  *(__rbp + 0x154 + __rdx * 4) -  *(__rbp + 0x4f4 + __rdx * 4);
                                                				if ( *(__rbp + 0x154 + __rdx * 4) !=  *(__rbp + 0x4f4 + __rdx * 4)) goto 0xadcd6c;
                                                				__edx = __edx + r8d;
                                                				__eflags = __edx - r8d;
                                                				if (__edx != r8d) goto 0xadcd54;
                                                				__eflags = __edx - r8d;
                                                				if (__edx == r8d) goto 0xadcd84;
                                                				__rax =  *(__rbp + 0x4f4 + __rdx * 4);
                                                				__eflags =  *(__rbp + 0x154 + __rdx * 4) -  *(__rbp + 0x4f4 + __rdx * 4);
                                                				__ecx = __ecx & 0xffffff00 |  *(__rbp + 0x154 + __rdx * 4) -  *(__rbp + 0x4f4 + __rdx * 4) < 0x00000000;
                                                				goto 0xadcd87;
                                                				__cl = r11b;
                                                				__eflags = __cl;
                                                				 *(__rsp + 0x38) = r11d;
                                                				__rax = __rbx + 1;
                                                				r9d = r10d;
                                                				__rbx =  !=  ? __rbx + 1 : __rbx;
                                                				r13d = r12d;
                                                				r10d = r10d & 0x0000001f;
                                                				r9d = r9d >> 5;
                                                				r13d = r13d - r10d;
                                                				 *(__rsp + 0x40) = __rbx;
                                                				__ecx = r13d;
                                                				__rsi = 0x1;
                                                				asm("into");
                                                				0x1 =  !0x1;
                                                				 *(__rsp + 0x48) = 0x1;
                                                				_t848 = __r15 - 1; // -1
                                                				__eax = _t848;
                                                				asm("bsr ecx, [ebp+eax*4+0x154]");
                                                				if (__cl == 0) goto 0xadcdd0;
                                                				__rcx = __rcx + 1;
                                                				goto 0xadcdd3;
                                                				__ecx = r11d;
                                                				__eax = __r15 + __r9;
                                                				__eflags = 0x1 - 0x73;
                                                				if (0x1 - 0x73 <= 0) goto 0xadce04;
                                                				r9d = 0;
                                                				 *(__rbp - 0x80) = r11d;
                                                				_t851 = __rbp - 0x7c; // -123
                                                				__r8 = _t851;
                                                				 *(__rbp + 0x150) = r11d;
                                                				__rdx = 0x1cc;
                                                				 *0x1 =  *0x1 + 0x1;
                                                				__al = __al + bpl;
                                                				asm("insd");
                                                				 *0x1 =  *0x1 + __al;
                                                				goto 0xadceb4;
                                                				r12d = r12d - __ecx;
                                                				__edx = r11d;
                                                				__eflags = r10d - r12d;
                                                				r11d & 0xffffff00 | r10d - r12d > 0x00000000 = (r11d & 0xffffff00 | r10d - r12d > 0x00000000) + r9d;
                                                				__edx = (r11d & 0xffffff00 | r10d - r12d > 0x00000000) + r9d + r15d;
                                                				 *(__rsp + 0x38) = 0x1cc;
                                                				__eflags = 0x1cc - 0x73;
                                                				if (0x1cc - 0x73 > 0) goto 0xadcddc;
                                                				r12d = __r9 - 1;
                                                				_t857 = __rdx - 1; // -1
                                                				r11d = _t857;
                                                				__eflags = r11d - r12d;
                                                				if (r11d == r12d) goto 0xadce98;
                                                				__rbx =  *(__rsp + 0x48);
                                                				__rdx = 0xffffffff;
                                                				__rax =  !0x1 - __rcx;
                                                				_t859 = __rax - 1; // -2
                                                				__rcx = _t859;
                                                				__eflags = __r15 + __r9 - r15d;
                                                				if (__r15 + __r9 - r15d >= 0) goto 0xadce4c;
                                                				__rdi =  *((intOrPtr*)(__rbp + 0xff9b4d2000000158));
                                                				goto 0xadce4e;
                                                				__rdi = 0;
                                                				__eflags = __ecx - r15d;
                                                				if (__ecx - r15d >= 0) goto 0xadce5d;
                                                				r8d =  *(__rbp + 0x154 + _t859 * 4);
                                                				goto 0xadce60;
                                                				r8d = 0;
                                                				r8d = r8d & __ebx;
                                                				__ecx = r13d;
                                                				r8d = r8d >> __cl;
                                                				__rdi = 0;
                                                				__ecx = r10d;
                                                				__rdi = 0 << __cl;
                                                				r8d = r8d | __edi;
                                                				 *(__rbp + 0x154 + __r11 * 4) = r8d;
                                                				r11d = r11d + (r11d & 0xffffff00 | r10d - r12d > 0x00000000) + r9d + r15d;
                                                				__eflags = r11d - r12d;
                                                				if (r11d == r12d) goto 0xadce8c;
                                                				r15d =  *(__rbp + 0x150);
                                                				goto 0xadce35;
                                                				__rdx =  *(__rsp + 0x38);
                                                				__rbx =  *(__rsp + 0x40);
                                                				__rdi =  *(__rsp + 0x3c);
                                                				__rcx = 0;
                                                				__eflags = r9d;
                                                				if (r9d == 0) goto 0xadceae;
                                                				 *(__rbp + 0x154) =  *(__rbp + 0x154) & 0x00000000;
                                                				__rcx = 1;
                                                				__eflags = __ecx - r9d;
                                                				if (__ecx != r9d) goto 0xadce9f;
                                                				 *(__rbp + 0x150) =  *(__rsp + 0x38);
                                                				_t880 = __rbp + 0x4f0; // 0x4f1
                                                				__rdx = _t880;
                                                				_t881 = __rbp + 0x150; // 0x151
                                                				__rcx = _t881;
                                                				__eax = E00007FF67FF600ADD110(__ecx, __rax, _t881, _t880, 0x7ff600a70000, __r13, _t881, 0);
                                                				__eflags =  *(__rbp + 0x150);
                                                				__rdx = __rax;
                                                				__rax = 0xffffffff;
                                                				__eflags = __rdx - 0xffffffff;
                                                				if (__eflags <= 0) goto 0xadcef6;
                                                				__rdx = __rdx >> 0x20;
                                                				asm("bsr ecx, ecx");
                                                				if (__eflags == 0) goto 0xadceef;
                                                				__rcx = (__rdx >> 0x20) + 1;
                                                				goto 0xadcef1;
                                                				0 = 0x20;
                                                				goto 0xadcf01;
                                                				asm("bsr ecx, edx");
                                                				if (__eflags == 0) goto 0xadceff;
                                                				__rcx = 0x21;
                                                				goto 0xadcf01;
                                                				__rcx = 0;
                                                				__rsi =  *(__rsp + 0x50);
                                                				__eflags = 0 - __rsi;
                                                				if (0 - __rsi <= 0) goto 0xadcf2b;
                                                				__rcx = 0 - __rsi;
                                                				__eflags = r9b;
                                                				if (r9b == 0) goto 0xadcf25;
                                                				0x1 = 0x48e0d34800000000;
                                                				__eflags = __rdx & 0x48e0d34800000000;
                                                				if ((__rdx & 0x48e0d34800000000) != 0) goto 0xadcf25;
                                                				r9b = 1;
                                                				goto 0xadcf28;
                                                				r9b = 0;
                                                				__rdx = __rdx >> __cl;
                                                				r11d = 0;
                                                				__rax = __rdi - 2;
                                                				__eflags = r14d;
                                                				__rcx = __rsi;
                                                				__rbx =  !( *(__rsp + 0x40));
                                                				r11d =  !=  ?  *((void*)(__rbp + 0x324)) : r11d;
                                                				r8d = 0;
                                                				__eflags = r14d - 1;
                                                				r8d =  >  ?  *((void*)(__rbp + 0x328)) : r8d;
                                                				__eflags = __rdi;
                                                				r10d = r8d;
                                                				__rbx =  !=  ? __rax :  !( *(__rsp + 0x40));
                                                				__r10 = 0x7ff600a70000 << 0x20;
                                                				__eax = r11d;
                                                				__r10 = (0x7ff600a70000 << 0x20) + __rax;
                                                				__rax =  *((intOrPtr*)(__rsp + 0x58));
                                                				__r10 = __r10 << __cl;
                                                				r8b =  *(__rax + 0x308);
                                                				__rcx = __rdx + __r10;
                                                				__rdx =  *((intOrPtr*)(__rsp + 0x60));
                                                				 *((long long*)(__rsp + 0x20)) =  *((intOrPtr*)(__rsp + 0x60));
                                                				__rdx = __rbx;
                                                				__eax = E00007FF67FF600ADABC8(__ecx, __edx, __rax, __rbx, __rcx, __r11);
                                                				goto 0xadcfb1;
                                                				__eflags = __rax;
                                                				__rdx =  *((intOrPtr*)(__rsp + 0x60));
                                                				r9b = __rax != 0;
                                                				 *((long long*)(__rsp + 0x20)) =  *((intOrPtr*)(__rsp + 0x60));
                                                				__rdx = __rcx;
                                                				__rax =  *((intOrPtr*)(__rsp + 0x58));
                                                				_t897 = __rbp + 0x320; // 0x321
                                                				__rcx = _t897;
                                                				r8b =  *(__rax + 0x308);
                                                				__eax = E00007FF67FF600ADAF68(__edx, __rax, __rbx, _t897, __rdx, __rsi, __rbp, __r8);
                                                				__rcx =  *(__rbp + 0xa60);
                                                				__rcx =  *(__rbp + 0xa60) ^ __rsp;
                                                				__eflags = __rcx;
                                                				__eax = E00007FF67FF600AA5980(__eax, __ecx, __rcx);
                                                				__rbx =  *((intOrPtr*)(__rsp + 0xbc0));
                                                				__rsp = __rsp + 0xb70;
                                                				_pop(__r15);
                                                				_pop(__r14);
                                                				_pop(__r13);
                                                				_pop(__r12);
                                                				_pop(__rdi);
                                                				_pop(__rsi);
                                                				_pop(__rbp);
                                                				return __eax;
                                                			}























                                                0x7ff600adb5b1
                                                0x7ff600adb5b8
                                                0x7ff600adb5bb
                                                0x7ff600adb5bf
                                                0x7ff600adb5c2
                                                0x7ff600adb5c5
                                                0x7ff600adb5cb
                                                0x7ff600adb5ce
                                                0x7ff600adb5d1
                                                0x7ff600adb5d3
                                                0x7ff600adb5d5
                                                0x7ff600adb5d8
                                                0x7ff600adb5de
                                                0x7ff600adb5de
                                                0x7ff600adb5e2
                                                0x7ff600adb5ea
                                                0x7ff600adb5f1
                                                0x7ff600adb5f6
                                                0x7ff600adb5f9
                                                0x7ff600adb5fc
                                                0x7ff600adb602
                                                0x7ff600adb605
                                                0x7ff600adb607
                                                0x7ff600adb60b
                                                0x7ff600adb60d
                                                0x7ff600adb610
                                                0x7ff600adb613
                                                0x7ff600adb615
                                                0x7ff600adb61d
                                                0x7ff600adb61d
                                                0x7ff600adb621
                                                0x7ff600adb627
                                                0x7ff600adb62b
                                                0x7ff600adb62e
                                                0x7ff600adb631
                                                0x7ff600adb634
                                                0x7ff600adb638
                                                0x7ff600adb63b
                                                0x7ff600adb642
                                                0x7ff600adb645
                                                0x7ff600adb649
                                                0x7ff600adb64c
                                                0x7ff600adb653
                                                0x7ff600adb65a
                                                0x7ff600adb65e
                                                0x7ff600adb661
                                                0x7ff600adb663
                                                0x7ff600adb668
                                                0x7ff600adb66a
                                                0x7ff600adb66d
                                                0x7ff600adb66f
                                                0x7ff600adb673
                                                0x7ff600adb679
                                                0x7ff600adb67c
                                                0x7ff600adb67f
                                                0x7ff600adb681
                                                0x7ff600adb689
                                                0x7ff600adb689
                                                0x7ff600adb68d
                                                0x7ff600adb693
                                                0x7ff600adb69a
                                                0x7ff600adb69d
                                                0x7ff600adb6a0
                                                0x7ff600adb6a3
                                                0x7ff600adb6aa
                                                0x7ff600adb6b1
                                                0x7ff600adb6b8
                                                0x7ff600adb6ba
                                                0x7ff600adb6bc
                                                0x7ff600adb6bf
                                                0x7ff600adb6c3
                                                0x7ff600adb6c9
                                                0x7ff600adb6ce
                                                0x7ff600adb6d3
                                                0x7ff600adb6d6
                                                0x7ff600adb6d9
                                                0x7ff600adb6df
                                                0x7ff600adb6e2
                                                0x7ff600adb6e6
                                                0x7ff600adb6ed
                                                0x7ff600adb6f0
                                                0x7ff600adb6fb
                                                0x7ff600adb6fd
                                                0x7ff600adb701
                                                0x7ff600adb703
                                                0x7ff600adb70a
                                                0x7ff600adb70f
                                                0x7ff600adb711
                                                0x7ff600adb714
                                                0x7ff600adb71b
                                                0x7ff600adb720
                                                0x7ff600adb726
                                                0x7ff600adb72b
                                                0x7ff600adb732
                                                0x7ff600adb735
                                                0x7ff600adb73a
                                                0x7ff600adb73c
                                                0x7ff600adb743
                                                0x7ff600adb745
                                                0x7ff600adb74b
                                                0x7ff600adb750
                                                0x7ff600adb759
                                                0x7ff600adb75b
                                                0x7ff600adb75d
                                                0x7ff600adb75e
                                                0x7ff600adb760
                                                0x7ff600adb764
                                                0x7ff600adb767
                                                0x7ff600adb769
                                                0x7ff600adb76c
                                                0x7ff600adb772
                                                0x7ff600adb772
                                                0x7ff600adb776
                                                0x7ff600adb77d
                                                0x7ff600adb77f
                                                0x7ff600adb785
                                                0x7ff600adb788
                                                0x7ff600adb78e
                                                0x7ff600adb791
                                                0x7ff600adb793
                                                0x7ff600adb796
                                                0x7ff600adb799
                                                0x7ff600adb79c
                                                0x7ff600adb79f
                                                0x7ff600adb7a2
                                                0x7ff600adb7ac
                                                0x7ff600adb7b0
                                                0x7ff600adb7b3
                                                0x7ff600adb7b6
                                                0x7ff600adb7bd
                                                0x7ff600adb7c1
                                                0x7ff600adb7c4
                                                0x7ff600adb7c6
                                                0x7ff600adb7c9
                                                0x7ff600adb7cb
                                                0x7ff600adb7d2
                                                0x7ff600adb7d4
                                                0x7ff600adb7da
                                                0x7ff600adb7e2
                                                0x7ff600adb7e9
                                                0x7ff600adb7ec
                                                0x7ff600adb7f3
                                                0x7ff600adb7f5
                                                0x7ff600adb7fc
                                                0x7ff600adb7fe
                                                0x7ff600adb801
                                                0x7ff600adb808
                                                0x7ff600adb80b
                                                0x7ff600adb812
                                                0x7ff600adb815
                                                0x7ff600adb817
                                                0x7ff600adb81a
                                                0x7ff600adb81d
                                                0x7ff600adb81f
                                                0x7ff600adb822
                                                0x7ff600adb825
                                                0x7ff600adb828
                                                0x7ff600adb82f
                                                0x7ff600adb832
                                                0x7ff600adb839
                                                0x7ff600adb840
                                                0x7ff600adb844
                                                0x7ff600adb847
                                                0x7ff600adb84a
                                                0x7ff600adb84c
                                                0x7ff600adb84f
                                                0x7ff600adb851
                                                0x7ff600adb85a
                                                0x7ff600adb85c
                                                0x7ff600adb85f
                                                0x7ff600adb867
                                                0x7ff600adb86e
                                                0x7ff600adb871
                                                0x7ff600adb878
                                                0x7ff600adb87a
                                                0x7ff600adb87d
                                                0x7ff600adb884
                                                0x7ff600adb886
                                                0x7ff600adb88f
                                                0x7ff600adb891
                                                0x7ff600adb8a0
                                                0x7ff600adb8a3
                                                0x7ff600adb8a7
                                                0x7ff600adb8aa
                                                0x7ff600adb8ae
                                                0x7ff600adb8b0
                                                0x7ff600adb8b6
                                                0x7ff600adb8b8
                                                0x7ff600adb8bf
                                                0x7ff600adb8c2
                                                0x7ff600adb8c5
                                                0x7ff600adb8c9
                                                0x7ff600adb8cb
                                                0x7ff600adb8d0
                                                0x7ff600adb8d4
                                                0x7ff600adb8dc
                                                0x7ff600adb8e4
                                                0x7ff600adb8e6
                                                0x7ff600adb8e8
                                                0x7ff600adb8ec
                                                0x7ff600adb8ef
                                                0x7ff600adb8f2
                                                0x7ff600adb8f9
                                                0x7ff600adb8ff
                                                0x7ff600adb904
                                                0x7ff600adb90b
                                                0x7ff600adb90f
                                                0x7ff600adb917
                                                0x7ff600adb91e
                                                0x7ff600adb925
                                                0x7ff600adb928
                                                0x7ff600adb92b
                                                0x7ff600adb92f
                                                0x7ff600adb934
                                                0x7ff600adb93b
                                                0x7ff600adb93f
                                                0x7ff600adb945
                                                0x7ff600adb94b
                                                0x7ff600adb94e
                                                0x7ff600adb950
                                                0x7ff600adb952
                                                0x7ff600adb955
                                                0x7ff600adb95c
                                                0x7ff600adb961
                                                0x7ff600adb964
                                                0x7ff600adb96a
                                                0x7ff600adb96d
                                                0x7ff600adb973
                                                0x7ff600adb976
                                                0x7ff600adb979
                                                0x7ff600adb97c
                                                0x7ff600adb97f
                                                0x7ff600adb982
                                                0x7ff600adb98c
                                                0x7ff600adb990
                                                0x7ff600adb993
                                                0x7ff600adb996
                                                0x7ff600adb99d
                                                0x7ff600adb9a1
                                                0x7ff600adb9a4
                                                0x7ff600adb9a6
                                                0x7ff600adb9a9
                                                0x7ff600adb9ab
                                                0x7ff600adb9b2
                                                0x7ff600adb9b4
                                                0x7ff600adb9ba
                                                0x7ff600adb9c2
                                                0x7ff600adb9c9
                                                0x7ff600adb9cc
                                                0x7ff600adb9d3
                                                0x7ff600adb9d8
                                                0x7ff600adb9db
                                                0x7ff600adb9e2
                                                0x7ff600adb9e5
                                                0x7ff600adb9ea
                                                0x7ff600adb9f1
                                                0x7ff600adb9f6
                                                0x7ff600adb9fa
                                                0x7ff600adba00
                                                0x7ff600adba06
                                                0x7ff600adba09
                                                0x7ff600adba0d
                                                0x7ff600adba10
                                                0x7ff600adba17
                                                0x7ff600adba1a
                                                0x7ff600adba1d
                                                0x7ff600adba1f
                                                0x7ff600adba26
                                                0x7ff600adba2d
                                                0x7ff600adba2f
                                                0x7ff600adba36
                                                0x7ff600adba3b
                                                0x7ff600adba3d
                                                0x7ff600adba3f
                                                0x7ff600adba4a
                                                0x7ff600adba4f
                                                0x7ff600adba55
                                                0x7ff600adba5a
                                                0x7ff600adba61
                                                0x7ff600adba64
                                                0x7ff600adba66
                                                0x7ff600adba6c
                                                0x7ff600adba6f
                                                0x7ff600adba75
                                                0x7ff600adba78
                                                0x7ff600adba7e
                                                0x7ff600adba81
                                                0x7ff600adba84
                                                0x7ff600adba87
                                                0x7ff600adba8a
                                                0x7ff600adba8d
                                                0x7ff600adba97
                                                0x7ff600adba9b
                                                0x7ff600adba9e
                                                0x7ff600adbaa1
                                                0x7ff600adbaa8
                                                0x7ff600adbaac
                                                0x7ff600adbaaf
                                                0x7ff600adbab1
                                                0x7ff600adbab6
                                                0x7ff600adbab9
                                                0x7ff600adbac0
                                                0x7ff600adbaca
                                                0x7ff600adbace
                                                0x7ff600adbad5
                                                0x7ff600adbad9
                                                0x7ff600adbae0
                                                0x7ff600adbae4
                                                0x7ff600adbae7
                                                0x7ff600adbaea
                                                0x7ff600adbaec
                                                0x7ff600adbaf3
                                                0x7ff600adbaf6
                                                0x7ff600adbafa
                                                0x7ff600adbafd
                                                0x7ff600adbb00
                                                0x7ff600adbb06
                                                0x7ff600adbb0d
                                                0x7ff600adbb0f
                                                0x7ff600adbb11
                                                0x7ff600adbb14
                                                0x7ff600adbb1a
                                                0x7ff600adbb1a
                                                0x7ff600adbb1e
                                                0x7ff600adbb26
                                                0x7ff600adbb2d
                                                0x7ff600adbb32
                                                0x7ff600adbb35
                                                0x7ff600adbb38
                                                0x7ff600adbb3e
                                                0x7ff600adbb41
                                                0x7ff600adbb43
                                                0x7ff600adbb47
                                                0x7ff600adbb49
                                                0x7ff600adbb4c
                                                0x7ff600adbb4f
                                                0x7ff600adbb51
                                                0x7ff600adbb59
                                                0x7ff600adbb59
                                                0x7ff600adbb5d
                                                0x7ff600adbb63
                                                0x7ff600adbb67
                                                0x7ff600adbb6a
                                                0x7ff600adbb6f
                                                0x7ff600adbb72
                                                0x7ff600adbb76
                                                0x7ff600adbb79
                                                0x7ff600adbb80
                                                0x7ff600adbb83
                                                0x7ff600adbb87
                                                0x7ff600adbb8a
                                                0x7ff600adbb91
                                                0x7ff600adbb98
                                                0x7ff600adbb9c
                                                0x7ff600adbb9f
                                                0x7ff600adbba1
                                                0x7ff600adbba4
                                                0x7ff600adbba6
                                                0x7ff600adbbaa
                                                0x7ff600adbbb0
                                                0x7ff600adbbb3
                                                0x7ff600adbbb6
                                                0x7ff600adbbb8
                                                0x7ff600adbbc0
                                                0x7ff600adbbc0
                                                0x7ff600adbbc4
                                                0x7ff600adbbca
                                                0x7ff600adbbd1
                                                0x7ff600adbbd4
                                                0x7ff600adbbd7
                                                0x7ff600adbbda
                                                0x7ff600adbbe1
                                                0x7ff600adbbe8
                                                0x7ff600adbbef
                                                0x7ff600adbbf1
                                                0x7ff600adbbf3
                                                0x7ff600adbbf6
                                                0x7ff600adbbfa
                                                0x7ff600adbc00
                                                0x7ff600adbc03
                                                0x7ff600adbc06
                                                0x7ff600adbc0c
                                                0x7ff600adbc0f
                                                0x7ff600adbc13
                                                0x7ff600adbc1a
                                                0x7ff600adbc1d
                                                0x7ff600adbc28
                                                0x7ff600adbc2a
                                                0x7ff600adbc2e
                                                0x7ff600adbc30
                                                0x7ff600adbc37
                                                0x7ff600adbc3c
                                                0x7ff600adbc3e
                                                0x7ff600adbc41
                                                0x7ff600adbc48
                                                0x7ff600adbc4d
                                                0x7ff600adbc53
                                                0x7ff600adbc58
                                                0x7ff600adbc5f
                                                0x7ff600adbc62
                                                0x7ff600adbc67
                                                0x7ff600adbc6c
                                                0x7ff600adbc6e
                                                0x7ff600adbc70
                                                0x7ff600adbc76
                                                0x7ff600adbc79
                                                0x7ff600adbc84
                                                0x7ff600adbc86
                                                0x7ff600adbc87
                                                0x7ff600adbc89
                                                0x7ff600adbc8d
                                                0x7ff600adbc91
                                                0x7ff600adbc94
                                                0x7ff600adbc96
                                                0x7ff600adbc98
                                                0x7ff600adbc9e
                                                0x7ff600adbca0
                                                0x7ff600adbca7
                                                0x7ff600adbcae
                                                0x7ff600adbcb0
                                                0x7ff600adbcb2
                                                0x7ff600adbcb5
                                                0x7ff600adbcbc
                                                0x7ff600adbcc1
                                                0x7ff600adbcc4
                                                0x7ff600adbcca
                                                0x7ff600adbccd
                                                0x7ff600adbcd3
                                                0x7ff600adbcd6
                                                0x7ff600adbcd9
                                                0x7ff600adbcdc
                                                0x7ff600adbcdf
                                                0x7ff600adbce2
                                                0x7ff600adbcec
                                                0x7ff600adbcf0
                                                0x7ff600adbcf3
                                                0x7ff600adbcf6
                                                0x7ff600adbcfd
                                                0x7ff600adbd01
                                                0x7ff600adbd04
                                                0x7ff600adbd06
                                                0x7ff600adbd09
                                                0x7ff600adbd0f
                                                0x7ff600adbd16
                                                0x7ff600adc694
                                                0x7ff600adc698
                                                0x7ff600adc69b
                                                0x7ff600adc69d
                                                0x7ff600adc6a0
                                                0x7ff600adc6a2
                                                0x7ff600adc6a9
                                                0x7ff600adc6ab
                                                0x7ff600adc6b1
                                                0x7ff600adc6b9
                                                0x7ff600adc6c0
                                                0x7ff600adc6c3
                                                0x7ff600adc6ca
                                                0x7ff600adc6cc
                                                0x7ff600adc6cf
                                                0x7ff600adc6d5
                                                0x7ff600adc6d5
                                                0x7ff600adc6dc
                                                0x7ff600adc6e2
                                                0x7ff600adc6ed
                                                0x7ff600adc6ef
                                                0x7ff600adc6f1
                                                0x7ff600adc6f3
                                                0x7ff600adc6fa
                                                0x7ff600adc6fc
                                                0x7ff600adc701
                                                0x7ff600adc706
                                                0x7ff600adc706
                                                0x7ff600adc70d
                                                0x7ff600adc70d
                                                0x7ff600adc714
                                                0x7ff600adc718
                                                0x7ff600adc71e
                                                0x7ff600adc724
                                                0x7ff600adc727
                                                0x7ff600adc730
                                                0x7ff600adc732
                                                0x7ff600adc739
                                                0x7ff600adc73e
                                                0x7ff600adc740
                                                0x7ff600adc742
                                                0x7ff600adc744
                                                0x7ff600adc74a
                                                0x7ff600adc74a
                                                0x7ff600adc751
                                                0x7ff600adc757
                                                0x7ff600adc75a
                                                0x7ff600adc75f
                                                0x7ff600adc766
                                                0x7ff600adc76b
                                                0x7ff600adc76e
                                                0x7ff600adc774
                                                0x7ff600adc777
                                                0x7ff600adc77d
                                                0x7ff600adc780
                                                0x7ff600adc783
                                                0x7ff600adc786
                                                0x7ff600adc789
                                                0x7ff600adc78c
                                                0x7ff600adc796
                                                0x7ff600adc79a
                                                0x7ff600adc79d
                                                0x7ff600adc7a0
                                                0x7ff600adc7a7
                                                0x7ff600adc7ab
                                                0x7ff600adc7ae
                                                0x7ff600adc7b0
                                                0x7ff600adc7b3
                                                0x7ff600adc7b9
                                                0x7ff600adc7c0
                                                0x7ff600adc7c2
                                                0x7ff600adc7c8
                                                0x7ff600adc7d0
                                                0x7ff600adc7d7
                                                0x7ff600adc7da
                                                0x7ff600adc7e1
                                                0x7ff600adc7e6
                                                0x7ff600adc7e9
                                                0x7ff600adc7ef
                                                0x7ff600adc7ef
                                                0x7ff600adc7f6
                                                0x7ff600adc7fc
                                                0x7ff600adc7ff
                                                0x7ff600adc7ff
                                                0x7ff600adc806
                                                0x7ff600adc80b
                                                0x7ff600adc812
                                                0x7ff600adc815
                                                0x7ff600adc81a
                                                0x7ff600adc81f
                                                0x7ff600adc822
                                                0x7ff600adc822
                                                0x7ff600adc829
                                                0x7ff600adc82c
                                                0x7ff600adc830
                                                0x7ff600adc834
                                                0x7ff600adc837
                                                0x7ff600adc83c
                                                0x7ff600adc83c
                                                0x7ff600adc843
                                                0x7ff600adc847
                                                0x7ff600adc84b
                                                0x7ff600adc84d
                                                0x7ff600adc851
                                                0x7ff600adc853
                                                0x7ff600adc856
                                                0x7ff600adc85c
                                                0x7ff600adc85e
                                                0x7ff600adc864
                                                0x7ff600adc86b
                                                0x7ff600adc86d
                                                0x7ff600adc86f
                                                0x7ff600adc872
                                                0x7ff600adc878
                                                0x7ff600adc880
                                                0x7ff600adc880
                                                0x7ff600adc884
                                                0x7ff600adc88a
                                                0x7ff600adc88f
                                                0x7ff600adc892
                                                0x7ff600adc895
                                                0x7ff600adc898
                                                0x7ff600adc89e
                                                0x7ff600adc8a1
                                                0x7ff600adc8a3
                                                0x7ff600adc8a7
                                                0x7ff600adc8a9
                                                0x7ff600adc8ac
                                                0x7ff600adc8af
                                                0x7ff600adc8b1
                                                0x7ff600adc8b9
                                                0x7ff600adc8b9
                                                0x7ff600adc8bd
                                                0x7ff600adc8c3
                                                0x7ff600adc8c7
                                                0x7ff600adc8ca
                                                0x7ff600adc8cf
                                                0x7ff600adc8d2
                                                0x7ff600adc8d6
                                                0x7ff600adc8d9
                                                0x7ff600adc8e0
                                                0x7ff600adc8e3
                                                0x7ff600adc8e7
                                                0x7ff600adc8ea
                                                0x7ff600adc8f1
                                                0x7ff600adc8f5
                                                0x7ff600adc8f8
                                                0x7ff600adc8fe
                                                0x7ff600adc900
                                                0x7ff600adc903
                                                0x7ff600adc905
                                                0x7ff600adc909
                                                0x7ff600adc90b
                                                0x7ff600adc90e
                                                0x7ff600adc911
                                                0x7ff600adc913
                                                0x7ff600adc91b
                                                0x7ff600adc91b
                                                0x7ff600adc925
                                                0x7ff600adc92c
                                                0x7ff600adc92f
                                                0x7ff600adc932
                                                0x7ff600adc935
                                                0x7ff600adc93c
                                                0x7ff600adc942
                                                0x7ff600adc949
                                                0x7ff600adc94b
                                                0x7ff600adc94d
                                                0x7ff600adc951
                                                0x7ff600adc955
                                                0x7ff600adc95b
                                                0x7ff600adc960
                                                0x7ff600adc963
                                                0x7ff600adc966
                                                0x7ff600adc96c
                                                0x7ff600adc96f
                                                0x7ff600adc96f
                                                0x7ff600adc976
                                                0x7ff600adc97a
                                                0x7ff600adc983
                                                0x7ff600adc985
                                                0x7ff600adc988
                                                0x7ff600adc988
                                                0x7ff600adc98f
                                                0x7ff600adc994
                                                0x7ff600adc99b
                                                0x7ff600adc9a0
                                                0x7ff600adc9a2
                                                0x7ff600adc9a5
                                                0x7ff600adc9a7
                                                0x7ff600adc9ad
                                                0x7ff600adc9b1
                                                0x7ff600adc9b5
                                                0x7ff600adc9b9
                                                0x7ff600adc9bf
                                                0x7ff600adc9c6
                                                0x7ff600adc9c8
                                                0x7ff600adc9cb
                                                0x7ff600adc9cd
                                                0x7ff600adc9d2
                                                0x7ff600adc9d9
                                                0x7ff600adc9e0
                                                0x7ff600adc9e2
                                                0x7ff600adc9e8
                                                0x7ff600adc9eb
                                                0x7ff600adc9ef
                                                0x7ff600adc9ef
                                                0x7ff600adc9f3
                                                0x7ff600adc9fa
                                                0x7ff600adca05
                                                0x7ff600adca07
                                                0x7ff600adca09
                                                0x7ff600adca0b
                                                0x7ff600adca12
                                                0x7ff600adca17
                                                0x7ff600adca1a
                                                0x7ff600adca1d
                                                0x7ff600adca23
                                                0x7ff600adca26
                                                0x7ff600adca2b
                                                0x7ff600adca2f
                                                0x7ff600adca2f
                                                0x7ff600adca33
                                                0x7ff600adca3a
                                                0x7ff600adca3a
                                                0x7ff600adca41
                                                0x7ff600adca4a
                                                0x7ff600adca4b
                                                0x7ff600adca50
                                                0x7ff600adca57
                                                0x7ff600adca5a
                                                0x7ff600adca5d
                                                0x7ff600adca62
                                                0x7ff600adca67
                                                0x7ff600adca6a
                                                0x7ff600adca6c
                                                0x7ff600adca6f
                                                0x7ff600adca71
                                                0x7ff600adca74
                                                0x7ff600adca76
                                                0x7ff600adca79
                                                0x7ff600adca7c
                                                0x7ff600adca7f
                                                0x7ff600adca82
                                                0x7ff600adca85
                                                0x7ff600adca8f
                                                0x7ff600adca93
                                                0x7ff600adca96
                                                0x7ff600adca99
                                                0x7ff600adcaa0
                                                0x7ff600adcaa4
                                                0x7ff600adcaa7
                                                0x7ff600adcaa9
                                                0x7ff600adcaac
                                                0x7ff600adcab2
                                                0x7ff600adcab9
                                                0x7ff600adcabb
                                                0x7ff600adcac1
                                                0x7ff600adcac9
                                                0x7ff600adcad0
                                                0x7ff600adcad3
                                                0x7ff600adcada
                                                0x7ff600adcadf
                                                0x7ff600adcae8
                                                0x7ff600adcaeb
                                                0x7ff600adcaeb
                                                0x7ff600adcaef
                                                0x7ff600adcaf6
                                                0x7ff600adcaf6
                                                0x7ff600adcafd
                                                0x7ff600adcb02
                                                0x7ff600adcb07
                                                0x7ff600adcb0d
                                                0x7ff600adcb12
                                                0x7ff600adcb15
                                                0x7ff600adcb19
                                                0x7ff600adcb1b
                                                0x7ff600adcb20
                                                0x7ff600adcb22
                                                0x7ff600adcb2c
                                                0x7ff600adcb2f
                                                0x7ff600adcb32
                                                0x7ff600adcb35
                                                0x7ff600adcb38
                                                0x7ff600adcb3a
                                                0x7ff600adcb3f
                                                0x7ff600adcb41
                                                0x7ff600adcb4a
                                                0x7ff600adcb4c
                                                0x7ff600adcb4e
                                                0x7ff600adcb57
                                                0x7ff600adcb5b
                                                0x7ff600adcb5f
                                                0x7ff600adcb61
                                                0x7ff600adcb69
                                                0x7ff600adcb6b
                                                0x7ff600adcb6d
                                                0x7ff600adcb6f
                                                0x7ff600adcb75
                                                0x7ff600adcb77
                                                0x7ff600adcb7a
                                                0x7ff600adcb7c
                                                0x7ff600adcb7f
                                                0x7ff600adcb81
                                                0x7ff600adcb81
                                                0x7ff600adcb85
                                                0x7ff600adcb8a
                                                0x7ff600adcb92
                                                0x7ff600adcb94
                                                0x7ff600adcb96
                                                0x7ff600adcb98
                                                0x7ff600adcb9b
                                                0x7ff600adcb9e
                                                0x7ff600adcba0
                                                0x7ff600adcba2
                                                0x7ff600adcba8
                                                0x7ff600adcbaa
                                                0x7ff600adcbb0
                                                0x7ff600adcbb2
                                                0x7ff600adcbb4
                                                0x7ff600adcbb6
                                                0x7ff600adcbba
                                                0x7ff600adcbc0
                                                0x7ff600adcbc3
                                                0x7ff600adcbc8
                                                0x7ff600adcbca
                                                0x7ff600adcbcf
                                                0x7ff600adcbd2
                                                0x7ff600adcbd5
                                                0x7ff600adcbd7
                                                0x7ff600adcbdb
                                                0x7ff600adcbdd
                                                0x7ff600adcbe4
                                                0x7ff600adcbe6
                                                0x7ff600adcbe8
                                                0x7ff600adcbea
                                                0x7ff600adcbee
                                                0x7ff600adcbee
                                                0x7ff600adcbf2
                                                0x7ff600adcbfa
                                                0x7ff600adcbfc
                                                0x7ff600adcbfe
                                                0x7ff600adcc00
                                                0x7ff600adcc03
                                                0x7ff600adcc07
                                                0x7ff600adcc0a
                                                0x7ff600adcc0c
                                                0x7ff600adcc0f
                                                0x7ff600adcc13
                                                0x7ff600adcc13
                                                0x7ff600adcc17
                                                0x7ff600adcc1e
                                                0x7ff600adcc27
                                                0x7ff600adcc29
                                                0x7ff600adcc2b
                                                0x7ff600adcc30
                                                0x7ff600adcc36
                                                0x7ff600adcc39
                                                0x7ff600adcc3e
                                                0x7ff600adcc41
                                                0x7ff600adcc44
                                                0x7ff600adcc46
                                                0x7ff600adcc4b
                                                0x7ff600adcc4e
                                                0x7ff600adcc51
                                                0x7ff600adcc55
                                                0x7ff600adcc58
                                                0x7ff600adcc5a
                                                0x7ff600adcc5e
                                                0x7ff600adcc5e
                                                0x7ff600adcc62
                                                0x7ff600adcc65
                                                0x7ff600adcc67
                                                0x7ff600adcc6b
                                                0x7ff600adcc6f
                                                0x7ff600adcc73
                                                0x7ff600adcc79
                                                0x7ff600adcc7c
                                                0x7ff600adcc7f
                                                0x7ff600adcc7f
                                                0x7ff600adcc82
                                                0x7ff600adcc85
                                                0x7ff600adcc87
                                                0x7ff600adcc8f
                                                0x7ff600adcc91
                                                0x7ff600adcc94
                                                0x7ff600adcc97
                                                0x7ff600adcc99
                                                0x7ff600adcca1
                                                0x7ff600adcca3
                                                0x7ff600adcca6
                                                0x7ff600adcca9
                                                0x7ff600adccab
                                                0x7ff600adccae
                                                0x7ff600adccb1
                                                0x7ff600adccb3
                                                0x7ff600adccb6
                                                0x7ff600adccb9
                                                0x7ff600adccc1
                                                0x7ff600adccc4
                                                0x7ff600adccc7
                                                0x7ff600adccc9
                                                0x7ff600adccd0
                                                0x7ff600adccd2
                                                0x7ff600adccd7
                                                0x7ff600adccdd
                                                0x7ff600adcce1
                                                0x7ff600adcce5
                                                0x7ff600adcce8
                                                0x7ff600adcceb
                                                0x7ff600adccee
                                                0x7ff600adccf0
                                                0x7ff600adccf2
                                                0x7ff600adccf4
                                                0x7ff600adccfc
                                                0x7ff600adccff
                                                0x7ff600adcd01
                                                0x7ff600adcd04
                                                0x7ff600adcd0a
                                                0x7ff600adcd10
                                                0x7ff600adcd14
                                                0x7ff600adcd18
                                                0x7ff600adcd1a
                                                0x7ff600adcd1e
                                                0x7ff600adcd21
                                                0x7ff600adcd23
                                                0x7ff600adcd25
                                                0x7ff600adcd27
                                                0x7ff600adcd29
                                                0x7ff600adcd2e
                                                0x7ff600adcd31
                                                0x7ff600adcd36
                                                0x7ff600adcd38
                                                0x7ff600adcd3d
                                                0x7ff600adcd40
                                                0x7ff600adcd43
                                                0x7ff600adcd45
                                                0x7ff600adcd47
                                                0x7ff600adcd49
                                                0x7ff600adcd4b
                                                0x7ff600adcd4b
                                                0x7ff600adcd4f
                                                0x7ff600adcd52
                                                0x7ff600adcd54

                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $
                                                • API String ID: 0-227171996
                                                • Opcode ID: 9feb964231ae5bd5a14e1113249a2ee4b84c4472c26ed93288df3413ab321725
                                                • Instruction ID: d98a947a67d035437d0e8be4d1bcb05f7efda27045d3e6d3040b20d6c228b92f
                                                • Opcode Fuzzy Hash: 9feb964231ae5bd5a14e1113249a2ee4b84c4472c26ed93288df3413ab321725
                                                • Instruction Fuzzy Hash: E903A573A181C29BE7758E25D540BF93795FB84788F605136DE0B97B9ADF38AA00CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: InfoLocale
                                                • String ID: GetLocaleInfoEx
                                                • API String ID: 2299586839-2904428671
                                                • Opcode ID: 71868976d76d12f9b235e9c0ba3dfa63173fd5ecbc46d17454a930f6cc893be9
                                                • Instruction ID: 0ad1a714896e0f1d50ffe4b2aee3d68c7ec4ff79bf215ee7d7a2a88d8d1cb0ed
                                                • Opcode Fuzzy Hash: 71868976d76d12f9b235e9c0ba3dfa63173fd5ecbc46d17454a930f6cc893be9
                                                • Instruction Fuzzy Hash: BE01D165F0CB82A2E7008B16F4000AAB260EF95BD0FA94035EE4E87B9ECF3DE5018340
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 75%
                                                			E00007FF67FF600A7E1D0(long long __rax, long long __rcx, long long _a8) {
                                                				long long _v24;
                                                				void* _t5;
                                                
                                                				_a8 = __rcx;
                                                				_t5 = GetProcessHeap();
                                                				asm("adc eax, 0x890be");
                                                				_v24 = __rax;
                                                				return _t5;
                                                			}






                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Heap$AllocProcess
                                                • String ID:
                                                • API String ID: 1617791916-0
                                                • Opcode ID: 2fe4a44fff22c87335dab6588ba58efe8cb4d253d76ba1fd5e1b6f9f9dc251f4
                                                • Instruction ID: cdcd66cd7650cd4179be9a0e6f27747425ec6bfdfcfd9b145858427b80e1b658
                                                • Opcode Fuzzy Hash: 2fe4a44fff22c87335dab6588ba58efe8cb4d253d76ba1fd5e1b6f9f9dc251f4
                                                • Instruction Fuzzy Hash: D0D09265E0CB81D2DA20AB55F80411AB764FBCAB44F604229EECE42B28CF3DD1258A14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 77%
                                                			E00007FF67FF600AFA2DC(void* __ebx, void* __ecx, void* __edx, void* __r8, signed int __r9, signed int __r10, void* __r13) {
                                                				void* _t487;
                                                				signed int _t499;
                                                				signed int _t505;
                                                				void* _t509;
                                                				void* _t512;
                                                				signed int _t565;
                                                				signed int _t569;
                                                				signed int _t570;
                                                				void* _t572;
                                                				void* _t575;
                                                				signed int _t576;
                                                				signed char _t580;
                                                				signed int _t585;
                                                				signed int _t587;
                                                				signed int _t588;
                                                				signed int _t589;
                                                				signed int _t595;
                                                				signed int _t598;
                                                				signed int _t599;
                                                				void* _t622;
                                                				void* _t623;
                                                				void* _t624;
                                                				void* _t630;
                                                				void* _t639;
                                                				void* _t652;
                                                				signed long long _t678;
                                                				signed long long _t698;
                                                				signed long long _t719;
                                                				signed long long _t740;
                                                				void* _t748;
                                                				void* _t762;
                                                				signed long long _t771;
                                                				signed long long _t787;
                                                				signed long long _t790;
                                                				intOrPtr _t793;
                                                				signed long long _t809;
                                                				signed int _t812;
                                                				intOrPtr _t819;
                                                				signed int _t825;
                                                				signed long long _t826;
                                                				signed long long _t829;
                                                				signed int _t832;
                                                				signed long long _t837;
                                                				signed long long _t838;
                                                				signed long long _t840;
                                                				void* _t843;
                                                				signed long long _t845;
                                                				intOrPtr* _t846;
                                                				signed long long _t849;
                                                				unsigned long long _t851;
                                                				signed long long _t852;
                                                				signed long long* _t856;
                                                				signed long long _t865;
                                                				signed long long _t871;
                                                				void* _t876;
                                                				intOrPtr* _t877;
                                                				signed long long _t880;
                                                				long long _t907;
                                                				unsigned long long _t908;
                                                				long long _t932;
                                                				unsigned long long _t934;
                                                				intOrPtr _t945;
                                                				void* _t951;
                                                				void* _t953;
                                                				long long _t957;
                                                				signed long long _t958;
                                                				signed long long _t959;
                                                				signed int _t961;
                                                				signed int _t964;
                                                				signed int _t980;
                                                				signed long long _t985;
                                                				long long _t998;
                                                				signed long long _t1003;
                                                				signed long long _t1010;
                                                				signed long long _t1015;
                                                				long long _t1018;
                                                				void* _t1019;
                                                				void* _t1021;
                                                				signed long long _t1030;
                                                				signed long long _t1033;
                                                				char* _t1034;
                                                				intOrPtr* _t1035;
                                                				void* _t1037;
                                                				signed long long _t1038;
                                                				signed long long _t1042;
                                                				signed long long _t1056;
                                                				signed long long _t1073;
                                                				signed int _t1087;
                                                				signed long long _t1089;
                                                				signed long long _t1090;
                                                				signed long long _t1091;
                                                				signed long long _t1092;
                                                				void* _t1097;
                                                				void* _t1099;
                                                
                                                				_t1098 = __r13;
                                                				_t1087 = __r9;
                                                				_t1035 = _t1037 - 0x6c0;
                                                				_t1038 = _t1037 - 0x7c0;
                                                				_t771 =  *0xb2fde8; // 0xc4f55cf73642
                                                				 *(_t1035 + 0x6b0) = _t771 ^ _t1038;
                                                				_push(0x2444894c);
                                                				asm("pushad");
                                                				 *((long long*)(_t1038 + 0x48)) = _t957;
                                                				asm("movsd [esp+0x40], xmm0");
                                                				_t958 =  *((intOrPtr*)(_t1038 + 0x40));
                                                				 *((long long*)(_t1038 + 0x50)) = __r9;
                                                				_t1042 = _t958 >> 0x34;
                                                				r9d = 0x7ff;
                                                				 *((char*)(_t1038 + 0x20)) = 1;
                                                				asm("dec eax");
                                                				_t959 = _t958 & 0xffffffff;
                                                				_t851 = (_t849 & 0x00000000) + _t959;
                                                				_t880 =  ~(_t1042 & __r9);
                                                				asm("sbb eax, eax");
                                                				r8d = r8d & r9d;
                                                				0xb01640();
                                                				E00007FF67FF600B01578(_t487, _t1042);
                                                				asm("cvttsd2si ecx, xmm0");
                                                				 *(_t1038 + 0x74) = _t851;
                                                				asm("sbb eax, eax");
                                                				_t852 = _t851 >> 0x20;
                                                				 *(_t1038 + 0x78) = _t852;
                                                				 *(_t1038 + 0x24) =  ~(_t880 - 0x7fffffff & 0xfffffffe) & _t880;
                                                				asm("sbb edx, edx");
                                                				r14d = 0;
                                                				_t961 =  ~_t959 + 1;
                                                				 *(_t1038 + 0x70) = _t961;
                                                				if (0x2454894800000001 - 0x434 < 0) goto 0xafa60d;
                                                				 *((long long*)(_t1035 + 0x318)) = 0x100000;
                                                				 *((long long*)(_t1035 + 0x314)) = 0;
                                                				 *(_t1035 + 0x310) = 0x2;
                                                				if (_t852 == 0) goto 0xafa509;
                                                				r8d = r14d;
                                                				if ( *((intOrPtr*)(_t1035 + 0x314 + _t880 * 4)) !=  *((intOrPtr*)(_t1038 + 0x74 + _t880 * 4))) goto 0xafa509;
                                                				r8d = r8d + 1;
                                                				_t630 = r8d - _t622;
                                                				if (_t630 != 0) goto 0xafa3ea;
                                                				r11d = 0x24548947fffffbcf;
                                                				 *(_t1038 + 0x30) = r14d;
                                                				r8d = 0x20;
                                                				r9d = r11d;
                                                				r11d = r11d & 0x0000001f;
                                                				r9d = r9d >> 5;
                                                				_t26 = _t1042 - 0x1f; // -30
                                                				_t569 = _t26;
                                                				asm("bsr eax, [esp+eax*4+0x74]");
                                                				r12d = _t569;
                                                				r12d =  !r12d;
                                                				if (_t630 == 0) goto 0xafa448;
                                                				_t787 = _t961 - 1 + 1;
                                                				goto 0xafa44b;
                                                				r8d = r8d - r14d;
                                                				if (_t787 - 0x73 > 0) goto 0xafa4e5;
                                                				r15d = r14d;
                                                				r15b = r11d - r8d > 0;
                                                				r15d = r15d + __edx;
                                                				r15d = r15d + r9d;
                                                				if (r15d - 0x73 > 0) goto 0xafa4e5;
                                                				_t623 = __r9 - 1;
                                                				_t29 = _t1099 - 1; // -1
                                                				r10d = _t29;
                                                				if (r10d == _t623) goto 0xafa4c8;
                                                				_t30 = _t787 - 1; // -3
                                                				if (_t787 - _t961 >= 0) goto 0xafa492;
                                                				r8d =  *(_t1038 + 0x74 + _t787 * 4);
                                                				goto 0xafa495;
                                                				r8d = r14d;
                                                				if (_t30 - _t961 >= 0) goto 0xafa49f;
                                                				goto 0xafa4a2;
                                                				r8d = r8d & _t569;
                                                				r8d = r8d << r11d;
                                                				_t595 = r14d & r12d | r8d;
                                                				 *(_t1038 + 0x74 + __r10 * 4) = _t595;
                                                				r10d = r10d - 1;
                                                				if (r10d == _t623) goto 0xafa4c8;
                                                				_t964 =  *(_t1038 + 0x70);
                                                				goto 0xafa47e;
                                                				_t580 = r14d;
                                                				if (r9d == 0) goto 0xafa4de;
                                                				 *(_t1038 + 0x9152252000000078) = r14d;
                                                				_t639 = _t580 - r9d;
                                                				if (_t639 != 0) goto 0xafa4d0;
                                                				 *(_t1038 + 0x70) = r15d;
                                                				goto 0xafa4ed;
                                                				r15d = r14d;
                                                				 *(_t1038 + 0x70) = r14d;
                                                				r12d = 1;
                                                				 *((long long*)(_t1035 + 0x144)) = 4;
                                                				 *(_t1035 + 0x140) = r12d;
                                                				goto 0xafa850;
                                                				r11d = 0x24548947fffffbce;
                                                				 *(_t1038 + 0x30) = r14d;
                                                				r8d = 0x20;
                                                				r9d = r11d;
                                                				r11d = r11d & 0x0000001f;
                                                				r9d = r9d >> 5;
                                                				_t570 = _t1042 - 0x1f;
                                                				_t856 = ((_t852 << r8d) - 1 << _t580) - 1;
                                                				asm("bsr eax, [esp+eax*4+0x74]");
                                                				r12d = _t570;
                                                				r12d =  !r12d;
                                                				if (_t639 == 0) goto 0xafa54b;
                                                				_t790 = _t964 - 1 + 1;
                                                				goto 0xafa54e;
                                                				r8d = r8d - r14d;
                                                				if (_t790 - 0x73 > 0) goto 0xafa5ed;
                                                				r15d = r14d;
                                                				r15b = r11d - r8d > 0;
                                                				r15d = r15d + _t595;
                                                				r15d = r15d + r9d;
                                                				if (r15d - 0x73 > 0) goto 0xafa5ed;
                                                				_t624 = __r9 - 1;
                                                				_t54 = _t1099 - 1; // -1
                                                				r10d = _t54;
                                                				if (r10d == _t624) goto 0xafa5cb;
                                                				_t55 = _t790 - 1; // -3
                                                				if (_t790 - _t964 >= 0) goto 0xafa595;
                                                				r8d =  *(_t1038 + 0x74 + _t790 * 4);
                                                				goto 0xafa598;
                                                				r8d = r14d;
                                                				if (_t55 - _t964 >= 0) goto 0xafa5a2;
                                                				goto 0xafa5a5;
                                                				r8d = r8d & _t570;
                                                				r8d = r8d << r11d;
                                                				_t598 = r14d & r12d | r8d;
                                                				 *(_t1038 + 0x74 + __r10 * 4) = _t598;
                                                				r10d = r10d - 1;
                                                				if (r10d == _t624) goto 0xafa5cb;
                                                				goto 0xafa581;
                                                				if (r9d == 0) goto 0xafa5e1;
                                                				 *(_t1038 + 0x9152252000000078) = r14d;
                                                				if (r14d != r9d) goto 0xafa5d3;
                                                				 *(_t1038 + 0x70) = r15d;
                                                				 *0xB5A6AE680000007E =  *((char*)(0xb5a6ae680000007e)) + 1;
                                                				r12d = 1;
                                                				 *((long long*)(_t1035 + 0x144)) = 0x2;
                                                				 *(_t1035 + 0x140) = r12d;
                                                				goto 0xafa850;
                                                				if (0x2454894800000001 == 0x36) goto 0xafa75f;
                                                				 *((long long*)(_t1035 + 0x318)) = 0x100000;
                                                				 *((long long*)(_t1035 + 0x314)) = 0;
                                                				 *(_t1035 + 0x310) = 0x2;
                                                				if (_t856 == 0) goto 0xafa75f;
                                                				r8d = r14d;
                                                				_t793 =  *((intOrPtr*)(_t1038 + 0x915225200000007c));
                                                				if ( *((intOrPtr*)(_t1035 + 0x915225200000031c)) != _t793) goto 0xafa75f;
                                                				r8d = r8d + 1;
                                                				_t652 = r8d - _t624;
                                                				if (_t652 != 0) goto 0xafa639;
                                                				asm("bsr eax, ebx");
                                                				 *(_t1038 + 0x30) = r14d;
                                                				if (_t652 == 0) goto 0xafa663;
                                                				_t794 = _t793 + 1;
                                                				goto 0xafa666;
                                                				r15d = r14d;
                                                				r8d = 0x20;
                                                				r8d = r8d - r14d;
                                                				r15b = r8d - _t624 > 0;
                                                				r11d = r11d | 0xffffffff;
                                                				r15d = r15d + _t598;
                                                				if (r15d - 0x73 <= 0) goto 0xafa690;
                                                				r15d = r14d;
                                                				 *(_t1038 + 0x70) = r14d;
                                                				goto 0xafa6e0;
                                                				_t89 = _t1099 - 1; // -1
                                                				_t499 = _t89;
                                                				if (_t499 == r11d) goto 0xafa6db;
                                                				r10d = _t499;
                                                				_t90 = _t794 - 1; // -3
                                                				r8d = _t90;
                                                				if (_t793 + 1 -  *(_t1038 + 0x70) >= 0) goto 0xafa6ab;
                                                				r9d =  *(_t1038 + 0x74 + __r10 * 4);
                                                				goto 0xafa6ae;
                                                				r9d = r14d;
                                                				if (r8d - _t598 >= 0) goto 0xafa6ba;
                                                				goto 0xafa6bd;
                                                				_t585 = r14d;
                                                				 *(_t1038 + 0x74 + __r10 * 4) = _t585;
                                                				if (r8d == r11d) goto 0xafa6db;
                                                				goto 0xafa699;
                                                				 *(_t1038 + 0x70) = r15d;
                                                				 *_t856 =  *_t856 + bpl;
                                                				_t599 = r8d %  *_t856;
                                                				asm("ror byte [ebx+0x5efc1fe], cl");
                                                				E00007FF67FF600AA7EF0(r8d /  *_t856, _t599, 0x2454894800000002 >> 0x0000001e | _t793 + 0x00000001 << 0x00000002,  *(_t1038 + 0x70), 0x2454894800000001 << 2);
                                                				asm("loopne 0xffffff8b");
                                                				r12d = 0x2454894800000002;
                                                				r8d = r12d;
                                                				 *(_t1035 + 0x310) = r12d;
                                                				 *(_t1035 + 0x140) = r12d;
                                                				if (0x2454894800000001 << 2 << 2 == 0) goto 0xafa850;
                                                				 *0x1 =  *0x1 + 0x1;
                                                				 *0x68E2169000000190 =  *((intOrPtr*)(0x68e2169000000190)) + _t585;
                                                				if (0x2454894800000001 << 2 << 2 > 0) goto 0xafa82f;
                                                				E00007FF67FF600AA7840();
                                                				goto 0xafa849;
                                                				 *(_t1038 + 0x30) = r14d;
                                                				asm("dec eax");
                                                				asm("bsr eax, [esp+eax+0x74]");
                                                				if (0x2454894800000001 << 2 << 2 == 0) goto 0xafa777;
                                                				goto 0xafa77a;
                                                				r15d = r14d;
                                                				r8d = 0x20;
                                                				r8d = r8d - r14d;
                                                				r15b = r8d - 1 > 0;
                                                				r11d = r11d | 0xffffffff;
                                                				r15d = r15d + _t599;
                                                				if (r15d - 0x73 <= 0) goto 0xafa7a5;
                                                				r15d = r14d;
                                                				 *(_t1038 + 0x70) = r14d;
                                                				goto 0xafa7f3;
                                                				_t118 = _t1099 - 1; // -1
                                                				_t505 = _t118;
                                                				if (_t505 == r11d) goto 0xafa7ee;
                                                				r10d = _t505;
                                                				r8d = 0;
                                                				if (0x1 - _t1035 + 0x314 >= 0) goto 0xafa7c0;
                                                				r9d =  *(_t1038 + 0x74 + __r10 * 4);
                                                				goto 0xafa7c3;
                                                				r9d = r14d;
                                                				if (r8d - _t599 >= 0) goto 0xafa7cf;
                                                				goto 0xafa7d2;
                                                				_t587 = r14d;
                                                				 *(_t1038 + 0x74 + __r10 * 4) = _t587;
                                                				if (r8d == r11d) goto 0xafa7ee;
                                                				goto 0xafa7ae;
                                                				 *(_t1038 + 0x70) = r15d;
                                                				 *0x1cc =  *0x1cc + bpl;
                                                				asm("ror byte [ebx+0x5efc1fe], cl");
                                                				_t509 = E00007FF67FF600AA7EF0(r8d /  *0x1cc, r8d %  *( ~0x1cc), (0x2454894800000002 >> 0x0000001e | _t793 + 0x00000001 << 0x00000002) >> 0x0000001f | 0x00000001,  *(_t1038 + 0x70), 0x2454894800000001 << 2);
                                                				asm("loopne 0xffffff8b");
                                                				goto 0xafa717;
                                                				E00007FF67FF600AA7EF0(_t509, r8d %  *( ~0x1cc), (0x2454894800000002 >> 0x0000001e | _t793 + 0x00000001 << 0x00000002) >> 0x0000001f | 0x00000001, 0, 0x2454894800000001 << 2);
                                                				E00007FF67FF600AE8D04(0x1);
                                                				 *0x1 = 0x22;
                                                				_t512 = E00007FF67FF600ACE12C();
                                                				r12d =  *(_t1035 + 0x140);
                                                				 *(_t1038 + 0x3c) = 0 >> 3;
                                                				 *(_t1038 + 0x2c) = 0 >> 3;
                                                				if (0 >> 3 == 0) goto 0xafac59;
                                                				r8d = 0x26;
                                                				_t514 =  >  ? r8d : _t512 +  *0x7FF5E2A6A863;
                                                				 *(_t1038 + 0x38) = 0 >> 3;
                                                				 *(_t1035 + 0x310) = ( *0x7FF6039C9A83 & 0x000000ff) + ( *0x7FF6039C9A82 & 0x000000ff);
                                                				E00007FF67FF600AA7EF0( >  ? r8d : _t512 +  *0x7FF5E2A6A863, r8d %  *( ~0x1cc), _t1035 + 0x314, 0, ( *0x7FF6039C9A82 & 0x000000ff) << 2);
                                                				E00007FF67FF600AA7840();
                                                				r10d =  *(_t1035 + 0x310);
                                                				if (r10d - 1 > 0) goto 0xafa9af;
                                                				_t809 =  *((intOrPtr*)(_t1035 + 0x314));
                                                				if (_t809 != 0) goto 0xafa922;
                                                				r12d = r14d;
                                                				 *(_t1035 + 0x140) = r14d;
                                                				goto 0xafac2c;
                                                				if (_t809 == 1) goto 0xafac2c;
                                                				if (r12d == 0) goto 0xafac2c;
                                                				r8d = r14d;
                                                				r9d = r14d;
                                                				_t1089 = _t809;
                                                				r9d = r9d + 1;
                                                				 *(_t1035 + 0x144 + (0x7ff600b122c0 + ( *0x7FF6039C9A80 & 0x0000ffff) * 4) * 4) =  *(_t1035 + 0x144 + (0x7ff600b122c0 + ( *0x7FF6039C9A80 & 0x0000ffff) * 4) * 4) * _t1089 + _t809;
                                                				if (r9d != r12d) goto 0xafa93d;
                                                				if (r8d == 0) goto 0xafac25;
                                                				if ( *(_t1035 + 0x140) - 0x73 >= 0) goto 0xafa99d;
                                                				 *(_t1035 + 0x144 +  *(_t1035 + 0x140) * 4) = r8d;
                                                				r12d =  *(_t1035 + 0x140);
                                                				r12d = r12d + 1;
                                                				 *(_t1035 + 0x140) = r12d;
                                                				goto 0xafac2c;
                                                				r12d = r14d;
                                                				 *(_t1035 + 0x140) = r14d;
                                                				goto 0xafac2e;
                                                				if (r12d - 1 > 0) goto 0xafaa67;
                                                				_t865 =  *((intOrPtr*)(_t1035 + 0x144));
                                                				r12d = r10d;
                                                				 *(_t1035 + 0x140) = r10d;
                                                				_t678 = _t1089 << 2;
                                                				if (_t678 == 0) goto 0xafaa15;
                                                				 *0x1cc = 0x1cc +  *0x1cc;
                                                				 *((intOrPtr*)(_t865 + 0xbadb6c)) =  *((intOrPtr*)(_t865 + 0xbadb6c)) + _t587;
                                                				if (_t678 > 0) goto 0xafa9f4;
                                                				E00007FF67FF600AA7840();
                                                				goto 0xafaa0e;
                                                				E00007FF67FF600AA7EF0(r14b, r9d,  *(_t1035 + 0x144 + (0x7ff600b122c0 + ( *0x7FF6039C9A80 & 0x0000ffff) * 4) * 4) * _t1089 + _t809, 0, 0x1cc);
                                                				E00007FF67FF600AE8D04(0x1cc);
                                                				 *0x1cc = 0x22;
                                                				E00007FF67FF600ACE12C();
                                                				r12d =  *(_t1035 + 0x140);
                                                				if (_t865 == 0) goto 0xafa913;
                                                				if (_t865 == 1) goto 0xafac2c;
                                                				if (r12d == 0) goto 0xafac2c;
                                                				r8d = r14d;
                                                				r9d = r14d;
                                                				_t1090 = _t865;
                                                				r9d = r9d + 1;
                                                				 *(_t1035 + 0x144) = 0x1cc +  *(_t1035 + 0x144) * _t1090;
                                                				if (r9d != r12d) goto 0xafaa38;
                                                				goto 0xafa967;
                                                				 *(_t1035 + 0x4e0) = r14d;
                                                				_t572 =  <  ? r10d : r12d;
                                                				_t907 =  >=  ? _t1035 + 0x144 : _t1035 + 0x314;
                                                				 *(_t1038 + 0x28) = _t865;
                                                				 *((long long*)(_t1038 + 0x40)) = _t907;
                                                				r9d = r14d;
                                                				_t1056 = _t1035 + 0x314;
                                                				_t980 =  >=  ? _t1056 : _t1035 + 0x144;
                                                				 *(_t1038 + 0x30) = _t980;
                                                				r10d =  !=  ? r12d : r10d;
                                                				r12d = r14d;
                                                				if (_t865 == 0) goto 0xafabd9;
                                                				_t1030 =  *((intOrPtr*)(_t907 + 0x1236352000000730));
                                                				if (_t1030 != 0) goto 0xafaaec;
                                                				if (r9d != r12d) goto 0xafabcd;
                                                				_t205 = _t1087 + 1; // 0x1
                                                				r12d = _t205;
                                                				 *(_t1035 + 0x1236352000000c14) = r14d;
                                                				 *(_t1035 + 0x4e0) = r12d;
                                                				goto 0xafabcd;
                                                				r11d = r14d;
                                                				r8d = r9d;
                                                				if (r10d == 0) goto 0xafabb9;
                                                				if (r8d == 0x73) goto 0xafab63;
                                                				if (r8d != r12d) goto 0xafab20;
                                                				 *(_t1035 + 0x2eb7394) = r14d;
                                                				 *(_t1035 + 0x4e0) = 0x1cc;
                                                				r8d = r8d + 1;
                                                				_t812 =  *(_t1035 + 0x2eb7394);
                                                				 *(_t1035 + 0x2eb7394) = 0x1cc +  *(_t980 + 0x1236352000000730) * _t1030 + _t812;
                                                				r12d =  *(_t1035 + 0x4e0);
                                                				if (_t1056 +  ~_t865 == r10d) goto 0xafab63;
                                                				_t985 =  *(_t1038 + 0x30);
                                                				goto 0xafab00;
                                                				if (r11d == 0) goto 0xafabb5;
                                                				if (r8d == 0x73) goto 0xafad57;
                                                				if (r8d != r12d) goto 0xafab8c;
                                                				_t227 = _t1056 + 1; // 0x1
                                                				 *(_t1035 + 0x4e4 + _t985 * 4) = r14d;
                                                				 *(_t1035 + 0x4e0) = _t812;
                                                				r8d = r8d + 1;
                                                				_t588 = r11d;
                                                				_t908 = _t907 +  *(_t1035 + 0x4e4 + _t985 * 4);
                                                				 *(_t1035 + 0x4e4 + _t985 * 4) = _t908;
                                                				r12d =  *(_t1035 + 0x4e0);
                                                				r11d = _t588;
                                                				if (_t908 >> 0x20 != 0) goto 0xafab68;
                                                				if (r8d == 0x73) goto 0xafad57;
                                                				r9d = r9d + 1;
                                                				if (r9d != r9d) goto 0xafaac1;
                                                				r8d = r12d;
                                                				 *(_t1035 + 0x140) = r12d;
                                                				_t698 = _t1056 << 2;
                                                				if (_t698 == 0) goto 0xafac2c;
                                                				 *0x1cc = 0x1cc +  *0x1cc;
                                                				 *((intOrPtr*)( *(_t1038 + 0x28) + 0xbadb6c)) =  *((intOrPtr*)( *(_t1038 + 0x28) + 0xbadb6c)) + _t588;
                                                				if (_t698 > 0) goto 0xafac0b;
                                                				E00007FF67FF600AA7840();
                                                				goto 0xafac25;
                                                				E00007FF67FF600AA7EF0(_t227, r8d,  *((intOrPtr*)(_t1038 + 0x40)), 0, 0x1cc);
                                                				E00007FF67FF600AE8D04(0x1cc);
                                                				 *0x1cc = 0x22;
                                                				E00007FF67FF600ACE12C();
                                                				r12d =  *(_t1035 + 0x140);
                                                				if (1 == 0) goto 0xafad57;
                                                				r8d = 0x26;
                                                				 *(_t1038 + 0x2c) =  *(_t1038 + 0x2c) -  *(_t1038 + 0x38);
                                                				if (1 != 0) goto 0xafa887;
                                                				if (1 == 0) goto 0xafacee;
                                                				_t819 =  *((intOrPtr*)(0x7ff600a70000 + 0xa2c68 + ( *(_t1038 + 0x24) -  *(_t1038 + 0x3c) +  *(_t1038 + 0x3c) * 4 +  *(_t1038 + 0x3c) +  *(_t1038 + 0x3c) * 4 - 1) * 4));
                                                				if (_t819 == 0) goto 0xafad57;
                                                				if (_t819 == 1) goto 0xafacee;
                                                				if (r12d == 0) goto 0xafacee;
                                                				r8d = r14d;
                                                				r9d = r14d;
                                                				r10d = 1;
                                                				r9d = r9d + 1;
                                                				 *(_t1035 + 0x1ffd8029c0144) =  *(_t1035 + 0x1ffd8029c0144) * _t1090 + _t819;
                                                				if (r9d != r12d) goto 0xafac8f;
                                                				if (r8d == 0) goto 0xafad4e;
                                                				if ( *(_t1035 + 0x140) - 0x73 >= 0) goto 0xafad57;
                                                				 *(_t1035 + 0x144 +  *(_t1035 + 0x140) * 4) = r8d;
                                                				r12d =  *(_t1035 + 0x140);
                                                				r12d = r12d + 1;
                                                				 *(_t1035 + 0x140) = r12d;
                                                				if (r15d == 0) goto 0xafb1f6;
                                                				r8d = r14d;
                                                				r9d = r14d;
                                                				r9d = r9d + 1;
                                                				 *(_t1038 + 0x1ffd8029c0074) = r8d;
                                                				if (r9d != r15d) goto 0xafad05;
                                                				if (r8d == 0) goto 0xafb1f6;
                                                				if ( *(_t1038 + 0x70) - 0x73 >= 0) goto 0xafb1d1;
                                                				 *(_t1038 + 0x74 +  *(_t1038 + 0x70) * 4) = r8d;
                                                				 *(_t1038 + 0x70) =  *(_t1038 + 0x70) + 1;
                                                				goto 0xafb1f6;
                                                				r12d =  *(_t1035 + 0x140);
                                                				goto 0xafacee;
                                                				r12d = r14d;
                                                				 *(_t1035 + 0x140) = r14d;
                                                				goto 0xafacee;
                                                				 *(_t1038 + 0x38) =  ~( *(_t1038 + 0x1ffd8029c0074) +  *(_t1038 + 0x1ffd8029c0074) * 4);
                                                				 *(_t1038 + 0x30) = 0x7ff600a70000 >> 3;
                                                				 *(_t1038 + 0x28) = 0x7ff600a70000 >> 3;
                                                				if (0x7ff600a70000 >> 3 == 0) goto 0xafb136;
                                                				_t825 =  >  ? 0x26 : 0x7ff600a70000 >> 3;
                                                				 *(_t1038 + 0x3c) = _t825;
                                                				_t826 = _t825 - 1;
                                                				_t1015 = _t826;
                                                				_t589 =  *(0x7ff600a70000 + 0xa2bd2 + _t826 * 4) & 0x000000ff;
                                                				 *(_t1035 + 0x310) =  *((intOrPtr*)(_t1038 + 0x50)) + 0x26;
                                                				E00007FF67FF600AA7EF0(r8d *  ~( *(_t1038 + 0x1ffd8029c0074) +  *(_t1038 + 0x1ffd8029c0074) * 4), r8d *  ~( *(_t1038 + 0x1ffd8029c0074) +  *(_t1038 + 0x1ffd8029c0074) * 4) >> 0x20, _t1035 + 0x314, 0, 0x26);
                                                				E00007FF67FF600AA7840();
                                                				r10d =  *(_t1035 + 0x310);
                                                				if (r10d - 1 > 0) goto 0xafaea1;
                                                				_t829 =  *((intOrPtr*)(_t1035 + 0x314));
                                                				if (_t829 != 0) goto 0xafae27;
                                                				r15d = r14d;
                                                				 *(_t1038 + 0x70) = r14d;
                                                				goto 0xafb106;
                                                				if (_t829 == 1) goto 0xafb106;
                                                				if (r15d == 0) goto 0xafb106;
                                                				r8d = r14d;
                                                				r9d = r14d;
                                                				_t1091 = _t829;
                                                				r9d = r9d + 1;
                                                				 *(_t1038 + 0x74 + (0x7ff600b122c0 + ( *(0x7ff600a70000 + 0xa2bd0 + _t1015 * 4) & 0x0000ffff) * 4) * 4) =  *(_t1038 + 0x74 + (0x7ff600b122c0 + ( *(0x7ff600a70000 + 0xa2bd0 + _t1015 * 4) & 0x0000ffff) * 4) * 4) * _t1091 + _t829;
                                                				if (r9d != r15d) goto 0xafae42;
                                                				if (r8d == 0) goto 0xafb101;
                                                				if ( *(_t1038 + 0x70) - 0x73 >= 0) goto 0xafae91;
                                                				 *(_t1038 + 0x74 +  *(_t1038 + 0x70) * 4) = r8d;
                                                				r15d =  *(_t1038 + 0x70);
                                                				r15d = r15d + 1;
                                                				 *(_t1038 + 0x70) = r15d;
                                                				goto 0xafb106;
                                                				r15d = r14d;
                                                				 *(_t1038 + 0x70) = r14d;
                                                				goto 0xafb108;
                                                				if (r15d - 1 > 0) goto 0xafaf4b;
                                                				_t871 =  *(_t1038 + 0x74);
                                                				r15d = r10d;
                                                				 *(_t1038 + 0x70) = r10d;
                                                				_t719 = _t1091 << 2;
                                                				if (_t719 == 0) goto 0xafaeff;
                                                				if (_t719 == 0) goto 0xafaf1a;
                                                				if (0x1cc - 0x1cc > 0) goto 0xafaee0;
                                                				E00007FF67FF600AA7840();
                                                				goto 0xafaefa;
                                                				E00007FF67FF600AA7EF0(r14b, r9d,  *(_t1038 + 0x74 + (0x7ff600b122c0 + ( *(0x7ff600a70000 + 0xa2bd0 + _t1015 * 4) & 0x0000ffff) * 4) * 4) * _t1091 + _t829, 0, 0x1cc);
                                                				E00007FF67FF600AE8D04(0x1cc);
                                                				 *0x1cc = 0x22;
                                                				E00007FF67FF600ACE12C();
                                                				r15d =  *(_t1038 + 0x70);
                                                				if (_t871 == 0) goto 0xafae1a;
                                                				if (_t871 == 1) goto 0xafb106;
                                                				if (r15d == 0) goto 0xafb106;
                                                				r8d = r14d;
                                                				r9d = r14d;
                                                				_t1092 = _t871;
                                                				r9d = r9d + 1;
                                                				 *(_t1038 + 0x74) =  *(_t1038 + 0x74) * _t1092 + 0x1cc;
                                                				if (r9d != r15d) goto 0xafaf22;
                                                				goto 0xafae66;
                                                				 *(_t1035 + 0x4e0) = r14d;
                                                				_t575 =  <  ? r10d : r15d;
                                                				_t932 =  >=  ? _t1038 + 0x74 : _t1035 + 0x314;
                                                				 *(_t1038 + 0x2c) = _t871;
                                                				 *((long long*)(_t1038 + 0x58)) = _t932;
                                                				r9d = r14d;
                                                				_t1073 = _t1035 + 0x314;
                                                				_t998 =  >=  ? _t1073 : _t1038 + 0x74;
                                                				 *((long long*)(_t1038 + 0x40)) = _t998;
                                                				r10d =  !=  ? r15d : r10d;
                                                				r15d = r14d;
                                                				if (_t871 == 0) goto 0xafb0b9;
                                                				_t1033 =  *((intOrPtr*)(_t932 + 0x9132352000000730));
                                                				if (_t1033 != 0) goto 0xafafcc;
                                                				if (r9d != r15d) goto 0xafb0ad;
                                                				_t359 = _t1087 + 1; // 0x1
                                                				r15d = _t359;
                                                				 *(_t1035 + 0x9132352000000c14) = r14d;
                                                				 *(_t1035 + 0x4e0) = r15d;
                                                				goto 0xafb0ad;
                                                				r11d = r14d;
                                                				r8d = r9d;
                                                				if (r10d == 0) goto 0xafb099;
                                                				_t576 = r9d;
                                                				if (r8d == 0x73) goto 0xafb043;
                                                				if (r8d != r15d) goto 0xafb000;
                                                				 *(_t1035 + 0x4e4 + _t1015 * 4) = r14d;
                                                				 *(_t1035 + 0x4e0) = 0x1cc;
                                                				r8d = r8d + 1;
                                                				_t832 =  *(_t1035 + 0x4e4 + _t1015 * 4);
                                                				 *(_t1035 + 0x4e4 + _t1015 * 4) =  *(_t998 + 0x9132352000000730) * _t1033 + 0x1cc + _t832;
                                                				r15d =  *(_t1035 + 0x4e0);
                                                				if ( ~_t871 + _t1073 == r10d) goto 0xafb043;
                                                				_t1003 =  *((intOrPtr*)(_t1038 + 0x40));
                                                				goto 0xafafe0;
                                                				if (r11d == 0) goto 0xafb095;
                                                				if (r8d == 0x73) goto 0xafb1c2;
                                                				if (r8d != r15d) goto 0xafb06c;
                                                				 *(_t1035 + 0x4e4 + _t1003 * 4) = r14d;
                                                				 *(_t1035 + 0x4e0) = _t832;
                                                				r8d = r8d + 1;
                                                				_t934 =  *(_t1035 + 0x4e4 + _t1003 * 4) + _t832;
                                                				 *(_t1035 + 0x4e4 + _t1003 * 4) = _t934;
                                                				r15d =  *(_t1035 + 0x4e0);
                                                				r11d = _t589;
                                                				if (_t934 >> 0x20 != 0) goto 0xafb048;
                                                				if (r8d == 0x73) goto 0xafb1c2;
                                                				r9d = r9d + 1;
                                                				if (r9d != _t576) goto 0xafafa1;
                                                				r8d = r15d;
                                                				 *(_t1038 + 0x70) = r15d;
                                                				_t740 = _t1073 << 2;
                                                				if (_t740 == 0) goto 0xafb106;
                                                				if (_t740 == 0) goto 0xafb121;
                                                				if (0x1cc - 0x1cc > 0) goto 0xafb0e7;
                                                				E00007FF67FF600AA7840();
                                                				goto 0xafb101;
                                                				E00007FF67FF600AA7EF0(r11d, r8d,  *((intOrPtr*)(_t1038 + 0x58)), 0, 0x1cc);
                                                				E00007FF67FF600AE8D04(0x1cc);
                                                				 *0x1cc = 0x22;
                                                				E00007FF67FF600ACE12C();
                                                				r15d =  *(_t1038 + 0x70);
                                                				if (1 == 0) goto 0xafb1c2;
                                                				if (1 != 0) goto 0xafad8e;
                                                				if (1 == 0) goto 0xafacee;
                                                				_t837 =  *(_t1038 + 0x38) -  *(_t1038 + 0x30) +  *(_t1038 + 0x30) * 4 +  *(_t1038 + 0x30) +  *(_t1038 + 0x30) * 4 - 1;
                                                				if (_t837 == 0) goto 0xafb1c2;
                                                				if (_t837 == 1) goto 0xafacee;
                                                				if (r15d == 0) goto 0xafacee;
                                                				r8d = r14d;
                                                				r9d = r14d;
                                                				r10d =  *(0x7ff600a70000 + 0xa2c68 + _t837 * 4);
                                                				r9d = r9d + 1;
                                                				 *(_t1038 + 0x74 + ( *(_t1038 + 0x28) -  *(_t1038 + 0x3c)) * 4) =  *(_t1038 + 0x74 + ( *(_t1038 + 0x28) -  *(_t1038 + 0x3c)) * 4) * _t1092 + _t837;
                                                				if (r9d != r15d) goto 0xafb16d;
                                                				if (r8d == 0) goto 0xafb1b8;
                                                				_t748 =  *(_t1038 + 0x70) - 0x73;
                                                				if (_t748 >= 0) goto 0xafb1c2;
                                                				_t838 =  *(_t1038 + 0x70);
                                                				 *(_t1038 + 0x74 + _t838 * 4) = r8d;
                                                				r15d =  *(_t1038 + 0x70);
                                                				r15d = r15d + 1;
                                                				 *(_t1038 + 0x70) = r15d;
                                                				goto 0xafacee;
                                                				r15d =  *(_t1038 + 0x70);
                                                				goto 0xafacee;
                                                				_t1034 =  *((intOrPtr*)(_t1038 + 0x50));
                                                				 *(_t1038 + 0x70) = r14d;
                                                				goto 0xafb1f6;
                                                				r9d = 0;
                                                				 *(_t1035 + 0x310) = r14d;
                                                				 *(_t1038 + 0x70) = r14d;
                                                				if (_t748 == 0) goto 0xafb1da;
                                                				sil = 0x15;
                                                				 *_t838 =  *_t838 + 1;
                                                				_t1010 = _t1035 + 0x140;
                                                				E00007FF67FF600ADD110(_t589, _t838, _t1038 + 0x70, _t1010, _t1092, __r13);
                                                				if (_t838 != 0xa) goto 0xafb2a4;
                                                				 *_t1034 = 0x31;
                                                				if (r12d == 0) goto 0xafb2b4;
                                                				r8d = r14d;
                                                				r9d = r14d;
                                                				r9d = r9d + 1;
                                                				 *(_t1035 + 0x144 + _t1010 * 4) = r8d;
                                                				if (r9d != r12d) goto 0xafb22c;
                                                				if (r8d == 0) goto 0xafb2b4;
                                                				if ( *(_t1035 + 0x140) - 0x73 >= 0) goto 0xafb279;
                                                				_t840 =  *(_t1035 + 0x140);
                                                				 *(_t1035 + 0x144 + _t840 * 4) = r8d;
                                                				 *(_t1035 + 0x140) =  *(_t1035 + 0x140) + 1;
                                                				goto 0xafb2b4;
                                                				r9d = 0;
                                                				 *(_t1035 + 0x310) = r14d;
                                                				 *(_t1035 + 0x140) = r14d;
                                                				 *_t840 =  *_t840 + _t840;
                                                				if (_t840 != 0) goto 0xafb2ac;
                                                				_t1018 =  *(_t1038 + 0x24) + 1 - 1;
                                                				goto 0xafb2b4;
                                                				_t876 = _t1034 + 1;
                                                				 *_t1034 = 1;
                                                				_t945 =  *((intOrPtr*)(_t1038 + 0x48));
                                                				 *((long long*)( *((intOrPtr*)(_t1038 + 0x60)))) = _t1018;
                                                				if (_t1018 < 0) goto 0xafb2cd;
                                                				if (_t945 - 0x7fffffff > 0) goto 0xafb2cd;
                                                				_t843 =  *((intOrPtr*)(_t1038 + 0x68)) - 1;
                                                				_t1019 = _t945 + _t1018;
                                                				_t1020 =  <  ? _t843 : _t1019;
                                                				_t1021 = ( <  ? _t843 : _t1019) + _t1034;
                                                				if (_t876 == _t1021) goto 0xafb3fe;
                                                				r10d =  *(_t1038 + 0x70);
                                                				r12d = 9;
                                                				if (r10d == 0) goto 0xafb3fe;
                                                				r8d = r14d;
                                                				r9d = r14d;
                                                				r9d = r9d + 1;
                                                				 *(_t1038 + 0x12363520000007a4) =  *(_t1038 + 0x12363520000007a4) * 0x3b9aca00 +  *(_t1038 + 0x12363520000007a4);
                                                				if (r9d != r10d) goto 0xafb304;
                                                				if (r8d == 0) goto 0xafb36b;
                                                				_t762 =  *(_t1038 + 0x70) - 0x73;
                                                				if (_t762 >= 0) goto 0xafb346;
                                                				_t845 =  *(_t1038 + 0x70);
                                                				 *(_t1038 + 0x74 + _t845 * 4) = r8d;
                                                				 *(_t1038 + 0x70) =  *(_t1038 + 0x70) + 1;
                                                				goto 0xafb36b;
                                                				r9d = 0;
                                                				 *(_t1035 + 0x310) = r14d;
                                                				 *(_t1038 + 0x70) = r14d;
                                                				if (_t762 == 0) goto 0xafb34f;
                                                				asm("inc ecx");
                                                				 *((intOrPtr*)(_t845 - 0x73)) =  *((intOrPtr*)(_t845 - 0x73)) + _t589;
                                                				_t846 = _t1035;
                                                				 *_t846 =  *_t846 + r8d;
                                                				 *((intOrPtr*)(_t846 - 0x73)) =  *((intOrPtr*)(_t846 - 0x73)) + _t589;
                                                				E00007FF67FF600ADD110(_t589, _t846,  *(_t1038 + 0x12363520000007a4) * 0x3b9aca00 +  *(_t1038 + 0x12363520000007a4), 0x1cc, _t1092, _t1098);
                                                				r10d =  *(_t1038 + 0x70);
                                                				r11d = r8d;
                                                				r9d = 8;
                                                				r15b = r10d == 0;
                                                				r11d = r11d - _t576;
                                                				asm("jmp dword 0x2e0:0xc0c28a03");
                                                				r8b = r8b - _t589 + _t589;
                                                				r8d = r9d;
                                                				if (r11d - r9d >= 0) goto 0xafb3ce;
                                                				_t951 =  ==  ? 0xcccccccd : 0xe62d8489ccccce99;
                                                				r15b = r14d;
                                                				goto 0xafb3d5;
                                                				_t565 = r9d;
                                                				 *((intOrPtr*)(0xcccccccd + _t876)) = sil;
                                                				r9d = r9d + _t565;
                                                				if (r9d != _t565) goto 0xafb397;
                                                				 *((intOrPtr*)(_t1038 + 0x20)) = r15b;
                                                				_t953 = _t1021 - _t876;
                                                				_t954 =  >  ? _t1097 : _t953;
                                                				_t877 = _t876 + ( >  ? _t1097 : _t953);
                                                				if (_t877 != _t1021) goto 0xafb2f5;
                                                				 *_t877 = r14b;
                                                				r14b =  *((intOrPtr*)(_t1038 + 0x20)) != r14b;
                                                				return E00007FF67FF600AA5980(r14d, r14d,  *(_t845 + 0x6b0) ^ _t1038);
                                                			}

































































































                                                0x7ff600afaa91
                                                0x7ff600afaa9d
                                                0x7ff600afaaa0
                                                0x7ff600afaaa7
                                                0x7ff600afaaad
                                                0x7ff600afaab2
                                                0x7ff600afaab6
                                                0x7ff600afaabb
                                                0x7ff600afaac4
                                                0x7ff600afaac9
                                                0x7ff600afaace
                                                0x7ff600afaad4
                                                0x7ff600afaad4
                                                0x7ff600afaad8
                                                0x7ff600afaae0
                                                0x7ff600afaae7
                                                0x7ff600afaaec
                                                0x7ff600afaaef
                                                0x7ff600afaaf5
                                                0x7ff600afab04
                                                0x7ff600afab0c
                                                0x7ff600afab12
                                                0x7ff600afab1a
                                                0x7ff600afab24
                                                0x7ff600afab34
                                                0x7ff600afab45
                                                0x7ff600afab4c
                                                0x7ff600afab5a
                                                0x7ff600afab5c
                                                0x7ff600afab61
                                                0x7ff600afab66
                                                0x7ff600afab6c
                                                0x7ff600afab78
                                                0x7ff600afab7a
                                                0x7ff600afab7e
                                                0x7ff600afab86
                                                0x7ff600afab93
                                                0x7ff600afab96
                                                0x7ff600afab99
                                                0x7ff600afab9c
                                                0x7ff600afaba3
                                                0x7ff600afabae
                                                0x7ff600afabb3
                                                0x7ff600afabbd
                                                0x7ff600afabcd
                                                0x7ff600afabd3
                                                0x7ff600afabd9
                                                0x7ff600afabe0
                                                0x7ff600afabe7
                                                0x7ff600afabea
                                                0x7ff600afabf5
                                                0x7ff600afabf7
                                                0x7ff600afabfb
                                                0x7ff600afac04
                                                0x7ff600afac09
                                                0x7ff600afac10
                                                0x7ff600afac15
                                                0x7ff600afac1a
                                                0x7ff600afac20
                                                0x7ff600afac25
                                                0x7ff600afac30
                                                0x7ff600afac45
                                                0x7ff600afac4b
                                                0x7ff600afac4f
                                                0x7ff600afac64
                                                0x7ff600afac6d
                                                0x7ff600afac76
                                                0x7ff600afac7f
                                                0x7ff600afac84
                                                0x7ff600afac86
                                                0x7ff600afac89
                                                0x7ff600afac8c
                                                0x7ff600afac92
                                                0x7ff600afaca9
                                                0x7ff600afacb7
                                                0x7ff600afacbc
                                                0x7ff600afacc9
                                                0x7ff600afacd5
                                                0x7ff600afacdd
                                                0x7ff600aface4
                                                0x7ff600aface7
                                                0x7ff600afacf9
                                                0x7ff600afacff
                                                0x7ff600afad02
                                                0x7ff600afad08
                                                0x7ff600afad1a
                                                0x7ff600afad26
                                                0x7ff600afad2b
                                                0x7ff600afad36
                                                0x7ff600afad40
                                                0x7ff600afad45
                                                0x7ff600afad49
                                                0x7ff600afad4e
                                                0x7ff600afad55
                                                0x7ff600afad57
                                                0x7ff600afad5a
                                                0x7ff600afad61
                                                0x7ff600afad6e
                                                0x7ff600afad77
                                                0x7ff600afad7d
                                                0x7ff600afad83
                                                0x7ff600afad92
                                                0x7ff600afad97
                                                0x7ff600afad9b
                                                0x7ff600afad9d
                                                0x7ff600afad9f
                                                0x7ff600afadc4
                                                0x7ff600afadca
                                                0x7ff600afadfa
                                                0x7ff600afadff
                                                0x7ff600afae0a
                                                0x7ff600afae10
                                                0x7ff600afae18
                                                0x7ff600afae1a
                                                0x7ff600afae1d
                                                0x7ff600afae22
                                                0x7ff600afae2a
                                                0x7ff600afae33
                                                0x7ff600afae39
                                                0x7ff600afae3c
                                                0x7ff600afae3f
                                                0x7ff600afae45
                                                0x7ff600afae59
                                                0x7ff600afae64
                                                0x7ff600afae69
                                                0x7ff600afae74
                                                0x7ff600afae7a
                                                0x7ff600afae7f
                                                0x7ff600afae84
                                                0x7ff600afae87
                                                0x7ff600afae8c
                                                0x7ff600afae91
                                                0x7ff600afae94
                                                0x7ff600afae9c
                                                0x7ff600afaea5
                                                0x7ff600afaeab
                                                0x7ff600afaeb6
                                                0x7ff600afaeb9
                                                0x7ff600afaebe
                                                0x7ff600afaec1
                                                0x7ff600afaecc
                                                0x7ff600afaed0
                                                0x7ff600afaed9
                                                0x7ff600afaede
                                                0x7ff600afaee5
                                                0x7ff600afaeea
                                                0x7ff600afaeef
                                                0x7ff600afaef5
                                                0x7ff600afaefa
                                                0x7ff600afaf01
                                                0x7ff600afaf0a
                                                0x7ff600afaf13
                                                0x7ff600afaf19
                                                0x7ff600afaf1c
                                                0x7ff600afaf1f
                                                0x7ff600afaf25
                                                0x7ff600afaf39
                                                0x7ff600afaf44
                                                0x7ff600afaf46
                                                0x7ff600afaf4e
                                                0x7ff600afaf5d
                                                0x7ff600afaf68
                                                0x7ff600afaf6c
                                                0x7ff600afaf73
                                                0x7ff600afaf7d
                                                0x7ff600afaf80
                                                0x7ff600afaf87
                                                0x7ff600afaf8d
                                                0x7ff600afaf92
                                                0x7ff600afaf96
                                                0x7ff600afaf9b
                                                0x7ff600afafa4
                                                0x7ff600afafa9
                                                0x7ff600afafae
                                                0x7ff600afafb4
                                                0x7ff600afafb4
                                                0x7ff600afafb8
                                                0x7ff600afafc0
                                                0x7ff600afafc7
                                                0x7ff600afafcc
                                                0x7ff600afafcf
                                                0x7ff600afafd5
                                                0x7ff600afafdb
                                                0x7ff600afafe4
                                                0x7ff600afafec
                                                0x7ff600afaff2
                                                0x7ff600afaffa
                                                0x7ff600afb004
                                                0x7ff600afb014
                                                0x7ff600afb025
                                                0x7ff600afb02c
                                                0x7ff600afb03a
                                                0x7ff600afb03c
                                                0x7ff600afb041
                                                0x7ff600afb046
                                                0x7ff600afb04c
                                                0x7ff600afb058
                                                0x7ff600afb05e
                                                0x7ff600afb066
                                                0x7ff600afb073
                                                0x7ff600afb079
                                                0x7ff600afb07c
                                                0x7ff600afb083
                                                0x7ff600afb08e
                                                0x7ff600afb093
                                                0x7ff600afb09d
                                                0x7ff600afb0ad
                                                0x7ff600afb0b3
                                                0x7ff600afb0b9
                                                0x7ff600afb0c0
                                                0x7ff600afb0c5
                                                0x7ff600afb0c8
                                                0x7ff600afb0d3
                                                0x7ff600afb0d7
                                                0x7ff600afb0e0
                                                0x7ff600afb0e5
                                                0x7ff600afb0ec
                                                0x7ff600afb0f1
                                                0x7ff600afb0f6
                                                0x7ff600afb0fc
                                                0x7ff600afb101
                                                0x7ff600afb10a
                                                0x7ff600afb128
                                                0x7ff600afb13d
                                                0x7ff600afb143
                                                0x7ff600afb150
                                                0x7ff600afb155
                                                0x7ff600afb15e
                                                0x7ff600afb164
                                                0x7ff600afb167
                                                0x7ff600afb16a
                                                0x7ff600afb170
                                                0x7ff600afb184
                                                0x7ff600afb18f
                                                0x7ff600afb194
                                                0x7ff600afb196
                                                0x7ff600afb19b
                                                0x7ff600afb19d
                                                0x7ff600afb1a1
                                                0x7ff600afb1a6
                                                0x7ff600afb1ab
                                                0x7ff600afb1ae
                                                0x7ff600afb1b3
                                                0x7ff600afb1b8
                                                0x7ff600afb1bd
                                                0x7ff600afb1c2
                                                0x7ff600afb1ca
                                                0x7ff600afb1cf
                                                0x7ff600afb1d1
                                                0x7ff600afb1d4
                                                0x7ff600afb1e2
                                                0x7ff600afb1f0
                                                0x7ff600afb1f2
                                                0x7ff600afb1f4
                                                0x7ff600afb1f6
                                                0x7ff600afb202
                                                0x7ff600afb20e
                                                0x7ff600afb216
                                                0x7ff600afb220
                                                0x7ff600afb226
                                                0x7ff600afb229
                                                0x7ff600afb22f
                                                0x7ff600afb244
                                                0x7ff600afb253
                                                0x7ff600afb258
                                                0x7ff600afb261
                                                0x7ff600afb263
                                                0x7ff600afb269
                                                0x7ff600afb271
                                                0x7ff600afb277
                                                0x7ff600afb279
                                                0x7ff600afb27c
                                                0x7ff600afb28a
                                                0x7ff600afb29a
                                                0x7ff600afb2a6
                                                0x7ff600afb2a8
                                                0x7ff600afb2aa
                                                0x7ff600afb2ae
                                                0x7ff600afb2b2
                                                0x7ff600afb2b9
                                                0x7ff600afb2bd
                                                0x7ff600afb2c1
                                                0x7ff600afb2c9
                                                0x7ff600afb2d2
                                                0x7ff600afb2d5
                                                0x7ff600afb2da
                                                0x7ff600afb2de
                                                0x7ff600afb2e4
                                                0x7ff600afb2ea
                                                0x7ff600afb2ef
                                                0x7ff600afb2f8
                                                0x7ff600afb2fe
                                                0x7ff600afb301
                                                0x7ff600afb307
                                                0x7ff600afb31e
                                                0x7ff600afb329
                                                0x7ff600afb32e
                                                0x7ff600afb330
                                                0x7ff600afb335
                                                0x7ff600afb337
                                                0x7ff600afb33b
                                                0x7ff600afb340
                                                0x7ff600afb344
                                                0x7ff600afb346
                                                0x7ff600afb349
                                                0x7ff600afb357
                                                0x7ff600afb365
                                                0x7ff600afb367
                                                0x7ff600afb36a
                                                0x7ff600afb36d
                                                0x7ff600afb36e
                                                0x7ff600afb371
                                                0x7ff600afb377
                                                0x7ff600afb37c
                                                0x7ff600afb381
                                                0x7ff600afb38a
                                                0x7ff600afb390
                                                0x7ff600afb394
                                                0x7ff600afb3a0
                                                0x7ff600afb3ac
                                                0x7ff600afb3b3
                                                0x7ff600afb3b9
                                                0x7ff600afb3c6
                                                0x7ff600afb3c9
                                                0x7ff600afb3cc
                                                0x7ff600afb3ce
                                                0x7ff600afb3d1
                                                0x7ff600afb3d8
                                                0x7ff600afb3de
                                                0x7ff600afb3e3
                                                0x7ff600afb3e8
                                                0x7ff600afb3ee
                                                0x7ff600afb3f2
                                                0x7ff600afb3f8
                                                0x7ff600afb403
                                                0x7ff600afb406
                                                0x7ff600afb42d

                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: s
                                                • API String ID: 0-453955339
                                                • Opcode ID: afe26e414420e0c7a4c328dc6be69238ea06fffda34c41298062a669e1767440
                                                • Instruction ID: 90f4051b266651f6e7a1a6d0c99c7340350e81024d0cc0d809bca070949f88a3
                                                • Opcode Fuzzy Hash: afe26e414420e0c7a4c328dc6be69238ea06fffda34c41298062a669e1767440
                                                • Instruction Fuzzy Hash: 79A2E0B3A581C19BD7358E69D4406FD76A9FB98784F200235DB0E97B9ADF3CE9018B01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 71%
                                                			E00007FF67FF600AF44EC(void* __edx, void* __ebp, signed int __rax, long long __rbx, signed long long __rcx, long long __rdx, intOrPtr _a8, long long _a16, long long _a24) {
                                                				void* __rdi;
                                                				void* __rsi;
                                                				void* __rbp;
                                                				void* _t37;
                                                				void* _t39;
                                                				void* _t41;
                                                				void* _t49;
                                                				void* _t51;
                                                				signed long long _t53;
                                                				void* _t56;
                                                				signed long long _t59;
                                                				void* _t61;
                                                				intOrPtr _t62;
                                                				signed long long _t64;
                                                				signed long long _t65;
                                                				signed long long _t87;
                                                				intOrPtr _t88;
                                                				intOrPtr _t89;
                                                				signed long long _t91;
                                                				long long _t94;
                                                				intOrPtr* _t98;
                                                				signed long long _t104;
                                                				signed long long _t106;
                                                				signed long long _t107;
                                                				void* _t131;
                                                				signed long long _t142;
                                                				signed long long _t144;
                                                				signed long long _t145;
                                                				signed long long _t152;
                                                				void* _t156;
                                                				void* _t158;
                                                				signed long long _t159;
                                                				signed long long _t160;
                                                				signed long long _t162;
                                                				signed long long _t164;
                                                				intOrPtr* _t165;
                                                				long long _t169;
                                                
                                                				_a24 = __rbx;
                                                				_a16 = __rdx;
                                                				_t169 = __rcx;
                                                				_t53 = __rcx;
                                                				if (_t53 != 0) goto 0xaf4524;
                                                				E00007FF67FF600AE8D04(__rax);
                                                				 *__rax = 0x16;
                                                				_t87 = __rax | 0xffffffff;
                                                				goto 0xaf47df;
                                                				if (_t53 != 0) goto 0xaf4546;
                                                				 *_t87 =  *_t87 + _t87;
                                                				_t159 = _t87;
                                                				if (_t87 == 0) goto 0xaf47be;
                                                				if (_t87 == __rcx) goto 0xaf47be;
                                                				_t160 =  *0xb36280; // 0x1ef10f4d540
                                                				_t56 = _t160 -  *0xb36298; // 0x1ef10f4d540
                                                				bpl =  *((intOrPtr*)(_t87 + 1));
                                                				_a8 = bpl;
                                                				if (_t56 != 0) goto 0xaf4571;
                                                				0xaf4b30();
                                                				 *0xb36280 = _t87;
                                                				r12d = 1;
                                                				if (_t87 != 0) goto 0xaf4635;
                                                				if (__rdx == 0) goto 0xaf45c3;
                                                				_t59 =  *0xb36288; // 0x0
                                                				if (_t59 == 0) goto 0xaf45c3;
                                                				E00007FF67FF600AE3B28(_t160, 0);
                                                				if (_t87 == 0) goto 0xaf47be;
                                                				_t162 =  *0xb36280; // 0x1ef10f4d540
                                                				_t61 = _t162 -  *0xb36298; // 0x1ef10f4d540
                                                				if (_t61 != 0) goto 0xaf4630;
                                                				0xaf4b30();
                                                				 *0xb36280 = _t87;
                                                				goto 0xaf4630;
                                                				_t62 = bpl;
                                                				if (_t62 == 0) goto 0xaf47cd;
                                                				if (_t62 != 0) goto 0xaf45d7;
                                                				_t142 =  *((long long*)(__rdx));
                                                				 *0xb36280 = _t87;
                                                				E00007FF67FF600AE8E1C(_t87, _t162);
                                                				_t164 =  *0xb36280; // 0x1ef10f4d540
                                                				if (_t164 != 0) goto 0xaf45fc;
                                                				goto 0xaf47cf;
                                                				_t64 =  *0xb36288; // 0x0
                                                				if (_t64 != 0) goto 0xaf4630;
                                                				asm("push cs");
                                                				if (_t64 != 0) goto 0xaf4610;
                                                				_push( *((long long*)(__rdx)));
                                                				_t152 = _t142 | 0xffffffff;
                                                				_pop(_t144);
                                                				 *0xb36288 = _t87;
                                                				E00007FF67FF600AE8E1C(_t87, _t162);
                                                				_t65 =  *0xb36288; // 0x0
                                                				if (_t65 == 0) goto 0xaf45f3;
                                                				_t165 =  *0xb36280; // 0x1ef10f4d540
                                                				if (_t165 == 0) goto 0xaf45f3;
                                                				_t88 =  *_t165;
                                                				_t158 = _t159 - __rcx;
                                                				_t98 = _t165;
                                                				if (_t88 == 0) goto 0xaf467a;
                                                				E00007FF67FF600B000FC(_t51, _t98, __rcx, _t88, 0, _t144, _t158, _t156);
                                                				if (_t88 != 0) goto 0xaf4668;
                                                				_t89 =  *_t98;
                                                				if ( *((char*)(_t158 + _t89)) == 0x3d) goto 0xaf4671;
                                                				if ( *((intOrPtr*)(_t158 + _t89)) == sil) goto 0xaf4671;
                                                				goto 0xaf4641;
                                                				goto 0xaf4684;
                                                				_t104 =  ~((_t98 + 8 - _t165 >> 3) - _t165 >> 3);
                                                				if (_t104 < 0) goto 0xaf46e0;
                                                				if ( *_t165 == 0) goto 0xaf46e0;
                                                				_t37 = E00007FF67FF600AE8E1C( *((intOrPtr*)(_t98 + 8)),  *(_t165 + _t104 * 8));
                                                				if (bpl == 0) goto 0xaf46b1;
                                                				 *(_t165 + _t104 * 8) = __rcx;
                                                				goto 0xaf473a;
                                                				_t91 =  *((intOrPtr*)(_t165 + 8 + _t104 * 8));
                                                				 *(_t165 + _t104 * 8) = _t91;
                                                				if ( *((intOrPtr*)(_t165 + (_t104 + 1) * 8)) != 0) goto 0xaf46a5;
                                                				r8d = 8;
                                                				E00007FF67FF600AF8FE0(_t37, _t49, _t104 + 1, _t165, _t104 + 1, 0, _t144, _t158);
                                                				_t106 = _t91;
                                                				_t39 = E00007FF67FF600AE8E1C(_t91, 0);
                                                				if (_t106 == 0) goto 0xaf473d;
                                                				 *0xb36280 = _t106;
                                                				goto 0xaf473d;
                                                				if (bpl == 0) goto 0xaf47d1;
                                                				_t107 =  ~_t106;
                                                				_t18 = _t107 + 2; // 0x1ef10f4d542
                                                				_t131 = _t18;
                                                				if (_t131 - _t107 >= 0) goto 0xaf46fe;
                                                				_t145 = _t144 | 0xffffffff;
                                                				goto 0xaf47d3;
                                                				if (_t131 - 0xffffffff >= 0) goto 0xaf46f5;
                                                				r8d = 8;
                                                				E00007FF67FF600AF8FE0(_t39, _t49, _t107, _t165, _t131, 0, _t145, _t158);
                                                				_t41 = E00007FF67FF600AE8E1C(0xffffffff, 0);
                                                				if (0xffffffff == 0) goto 0xaf46f5;
                                                				 *((long long*)(0xffffffff + _t107 * 8)) = _t169;
                                                				 *((long long*)(0xffffffff + 8 + _t107 * 8)) = 0;
                                                				 *0xb36280 = 0xffffffff;
                                                				if ( *((intOrPtr*)(_t152 + 0x78)) == 0) goto 0xaf47d5;
                                                				if ( *((intOrPtr*)(_t169 + (_t145 | 0xffffffff) + 1)) != sil) goto 0xaf474e;
                                                				E00007FF67FF600AEC120(_t41, 0, 0x1);
                                                				if (0xffffffff == 0) goto 0xaf47b4;
                                                				E00007FF67FF600ACF7BC(0xffffffff, 0xffffffff, (_t145 | 0xffffffff) + 3, _t169);
                                                				if (0xffffffff != 0) goto 0xaf47f7;
                                                				_t27 = _t159 + 1; // 0x1
                                                				_t94 = 0xffffffff - _t169;
                                                				 *(_t152 + 0x70) =  ~( *(_t152 + 0x70));
                                                				asm("dec eax");
                                                				 *((intOrPtr*)(_t27 + _t94 - 1)) = sil;
                                                				E00007FF67FF600B003B8(_t49, 0xffffffff, 0xffffffff, 0xffffffff, (_t145 | 0xffffffff) + 3 & _t27 + _t94, 0, 0, _t169, _t156);
                                                				if (_t94 != 0) goto 0xaf47b4;
                                                				E00007FF67FF600AE8D04(_t94);
                                                				 *_t94 = 0x2a;
                                                				E00007FF67FF600AE8E1C(_t94, 0xffffffff);
                                                				goto 0xaf47d5;
                                                				E00007FF67FF600AE8D04(_t94);
                                                				 *_t94 = 0x16;
                                                				return E00007FF67FF600AE8E1C(_t94, 0);
                                                			}

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a534b961148f635d26d14c7f01859c8465233298bf6b5e977516b70dace21cc
                                                • Instruction ID: 36722fe60fc1319020048fa652a096a9ce39b589ca9eacac51261277754a0f0c
                                                • Opcode Fuzzy Hash: 4a534b961148f635d26d14c7f01859c8465233298bf6b5e977516b70dace21cc
                                                • Instruction Fuzzy Hash: 3102D523B4D69261FA51AB55980127B2698AF4ABA0F358735DD6DC73DFEF3DE8014300
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 38%
                                                			E00007FF67FF600AF5AAC(long long __rbx, long long __rcx, void* __rdx, long long __rsi) {
                                                				void* __rdi;
                                                				signed int _t128;
                                                				int _t129;
                                                				short _t136;
                                                				short _t139;
                                                				signed char _t149;
                                                				char _t151;
                                                				void* _t152;
                                                				char _t155;
                                                				void* _t156;
                                                				signed long long _t192;
                                                				signed long long _t193;
                                                				signed long long _t196;
                                                				signed long long _t199;
                                                				intOrPtr* _t202;
                                                				signed long long _t205;
                                                				long long _t213;
                                                				signed char* _t239;
                                                				long long _t245;
                                                				signed long long _t247;
                                                				signed int* _t263;
                                                				signed long long _t273;
                                                				signed char* _t280;
                                                				long long _t289;
                                                				void* _t294;
                                                				void* _t296;
                                                				signed long long _t297;
                                                				signed long long _t299;
                                                				char* _t303;
                                                				void* _t311;
                                                				signed int* _t314;
                                                				signed long long _t317;
                                                				void* _t318;
                                                				signed long long _t321;
                                                				intOrPtr* _t324;
                                                
                                                				_t311 = _t296;
                                                				 *((long long*)(_t311 + 0x10)) = __rbx;
                                                				 *((long long*)(_t311 + 0x18)) = _t289;
                                                				 *((long long*)(_t311 + 0x20)) = __rsi;
                                                				_t297 = _t296 - 0xa0;
                                                				_t192 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_t193 = _t192 ^ _t297;
                                                				 *(_t297 + 0x98) = _t193;
                                                				 *((long long*)(_t311 - 0x58)) = __rcx;
                                                				 *((long long*)(_t311 - 0x50)) = 0;
                                                				r13d = _t151;
                                                				r14d = _t151;
                                                				r12d = _t151;
                                                				if ( *((intOrPtr*)(__rcx + 0x138)) == 0) goto 0xaf608f;
                                                				_t324 = __rcx + 0xc;
                                                				 *((long long*)(_t297 + 0x58)) = 0;
                                                				if ( *_t324 != _t151) goto 0xaf5b34;
                                                				 *((long long*)(_t297 + 0x20)) = _t324;
                                                				r9d = 0x1004;
                                                				E00007FF67FF600B006CC(_t152, _t156, _t311 - 0x58,  *((intOrPtr*)(__rcx + 0x138)));
                                                				if (_t193 != 0) goto 0xaf605f;
                                                				asm("fbld tword [ebp-0x1]");
                                                				_push( *((long long*)(0)));
                                                				 *0x00000058 = _t193;
                                                				E00007FF67FF600AE8E1C(_t193, _t311 - 0x58);
                                                				 *0x65C2E8CD =  *((intOrPtr*)(0x65c2e8cd)) + _t152;
                                                				asm("invalid");
                                                				_t317 = _t193;
                                                				E00007FF67FF600AEC120(E00007FF67FF600AE8E1C(_t193, 0), 0x180, 1);
                                                				_t321 = _t193;
                                                				E00007FF67FF600AEC120(E00007FF67FF600AE8E1C(_t193, 0), 0x180, 1);
                                                				E00007FF67FF600AE8E1C(_t193, 0);
                                                				_push( *((long long*)(0)));
                                                				_t299 = _t193;
                                                				_pop(_t294);
                                                				_t314 = _t193;
                                                				_t128 = E00007FF67FF600AE8E1C(_t193, 0x101);
                                                				if ( *((intOrPtr*)(_t299 + 0x58)) == 0) goto 0xaf605f;
                                                				if (_t317 == 0) goto 0xaf605f;
                                                				if (_t314 == 0) goto 0xaf605f;
                                                				if (_t321 == 0) goto 0xaf605f;
                                                				if (_t294 == 0) goto 0xaf605f;
                                                				 *_t314 = _t128;
                                                				if (1 - 0x100 < 0) goto 0xaf5bdb;
                                                				_t129 = GetCPInfo(??, ??);
                                                				if (1 == 0) goto 0xaf605f;
                                                				if ( *(_t299 + 0x80) - 5 > 0) goto 0xaf605f;
                                                				_t196 =  *(_t299 + 0x80) & 0x0000ffff;
                                                				 *(_t299 + 0x50) = _t196;
                                                				if (_t196 - 1 <= 0) goto 0xaf5c7b;
                                                				if ( *_t324 != 0xfde9) goto 0xaf5c40;
                                                				_t21 =  &(_t314[0x20]); // 0x80
                                                				r8d = 0x80;
                                                				E00007FF67FF600AA7EF0(_t129, 0x20, _t21, _t299 + 0x80,  *((intOrPtr*)(__rcx + 0x138)));
                                                				goto 0xaf5c7b;
                                                				_t239 = _t299 + 0x86;
                                                				if ( *((intOrPtr*)(_t299 + 0x86)) == _t151) goto 0xaf5c7b;
                                                				if (_t239[1] == _t151) goto 0xaf5c7b;
                                                				_t273 =  *_t239 & 0x000000ff;
                                                				if (_t273 - (_t239[1] & 0x000000ff) > 0) goto 0xaf5c73;
                                                				 *((char*)(0x20 + _t314)) = 0x20;
                                                				_t199 = _t239[1] & 0x000000ff;
                                                				if (_t273 + 1 - _t199 <= 0) goto 0xaf5c61;
                                                				if (_t239[2] != _t151) goto 0xaf5c51;
                                                				_t28 = _t321 + 0x81; // 0x81
                                                				_t30 =  &(_t314[0]); // 0x1
                                                				 *((long long*)(_t299 + 0x40)) = 0;
                                                				 *(_t299 + 0x38) = _t199;
                                                				 *((long long*)(_t299 + 0x28)) = _t28;
                                                				 *((long long*)(_t299 + 0x20)) = 0xff;
                                                				r8d = 0x3024448900000100;
                                                				E00007FF67FF600AFFF0C(_t151,  *_t324, 0x20, _t239[2] - _t151, 0xff, 0, 0,  *((intOrPtr*)(__rcx + 0x138)), 1, _t30);
                                                				if (0xff == 0) goto 0xaf605f;
                                                				_t36 = _t294 + 0x81; // 0x81
                                                				_t38 =  &(_t314[0]); // 0x1
                                                				 *((long long*)(_t299 + 0x40)) = 0;
                                                				r8d = 0x200;
                                                				 *(_t299 + 0x38) = 0xff;
                                                				 *((long long*)(_t299 + 0x28)) = _t36;
                                                				 *((long long*)(_t299 + 0x20)) = 0xff;
                                                				E00007FF67FF600AFFF0C(_t151,  *_t324, 0x20, 0xff, 0xff, 0, 0,  *((intOrPtr*)(__rcx + 0x138)), 1, _t38);
                                                				if (0xff == 0) goto 0xaf605f;
                                                				_t43 = _t317 + 0x100; // 0x100
                                                				_t245 = _t43;
                                                				 *((long long*)(_t299 + 0x30)) = 0;
                                                				r9d = 0x100;
                                                				 *((long long*)(_t299 + 0x28)) = 0xff;
                                                				 *((long long*)(_t299 + 0x60)) = _t245;
                                                				 *((long long*)(_t299 + 0x20)) = _t245;
                                                				_t136 = E00007FF67FF600AF7428(0x20, 0xff, 0, 0, __rcx, 1, _t314);
                                                				if (0xff == 0) goto 0xaf605f;
                                                				_t48 = _t317 + 0xfe; // 0xfe
                                                				_t202 = _t48;
                                                				 *_t202 = _t151;
                                                				 *((char*)(_t321 + 0x7f)) = _t151;
                                                				 *((char*)(_t294 + 0x7f)) = _t151;
                                                				 *((char*)(_t321 + 0x80)) = _t151;
                                                				 *((char*)(_t294 + 0x80)) = _t151;
                                                				 *((long long*)(_t299 + 0x68)) = _t202;
                                                				if ( *(_t299 + 0x50) - 1 <= 0) goto 0xaf5e10;
                                                				if ( *_t324 != 0xfde9) goto 0xaf5dbc;
                                                				_t55 = _t294 + 0x100; // 0x100
                                                				_t303 = _t55;
                                                				_t56 = _t317 + 0x200; // 0x200
                                                				 *_t202 =  *_t202 + _t136;
                                                				_t155 =  >  ? _t151 : r11d;
                                                				 *_t56 = _t155;
                                                				 *((char*)(_t321 - _t294 + _t303)) = 0x20;
                                                				 *_t303 = 0x20;
                                                				if (0x8000bb4100000081 - 0xff <= 0) goto 0xaf5d8e;
                                                				goto 0xaf5e10;
                                                				_t280 = _t299 + 0x86;
                                                				if ( *((intOrPtr*)(_t299 + 0x86)) == _t151) goto 0xaf5e10;
                                                				r11d = 0x8000;
                                                				if (_t280[1] == _t151) goto 0xaf5e10;
                                                				_t247 =  *_t280 & 0x000000ff;
                                                				if (_t247 - (_t280[1] & 0x000000ff) > 0) goto 0xaf5e08;
                                                				_t205 = _t155;
                                                				 *((intOrPtr*)(_t317 + 0x100 + _t205 * 2)) = r11w;
                                                				 *((char*)(_t205 + _t321 + 0x80)) = _t155;
                                                				 *((char*)(_t205 + _t294 + 0x80)) = _t155;
                                                				if (_t247 + 1 - (_t280[1] & 0x000000ff) <= 0) goto 0xaf5de3;
                                                				if (_t280[2] != _t151) goto 0xaf5dd3;
                                                				_t72 = _t317 + 0x200; // 0x200
                                                				asm("movups xmm0, [ecx]");
                                                				asm("movups xmm1, [ecx+0x10]");
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				asm("movups xmm0, [ecx-0x60]");
                                                				asm("movups xmm1, [ecx-0x50]");
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				asm("movups xmm0, [ecx-0x40]");
                                                				asm("movups xmm1, [ecx-0x30]");
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				asm("movups xmm0, [ecx-0x20]");
                                                				asm("movups xmm1, [ecx-0x10]");
                                                				asm("inc ecx");
                                                				_t318 = _t317 - 0xffffff80;
                                                				asm("movups xmm0, [ecx]");
                                                				asm("inc ecx");
                                                				asm("movups xmm1, [ecx+0x10]");
                                                				asm("inc ecx");
                                                				asm("movups xmm0, [ecx+0x20]");
                                                				asm("inc ecx");
                                                				asm("movups xmm1, [ecx+0x30]");
                                                				asm("inc ecx");
                                                				asm("movups xmm0, [ecx+0x40]");
                                                				asm("inc ecx");
                                                				asm("movups xmm1, [ecx+0x50]");
                                                				asm("inc ecx");
                                                				asm("movups xmm0, [ecx+0x60]");
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				 *((long long*)(_t318 + 0x70)) =  *((intOrPtr*)(_t72 + 0xf0));
                                                				 *((intOrPtr*)(_t318 + 0x78)) = _t136;
                                                				 *((short*)(_t318 + 0x7c)) = _t136;
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				asm("inc ecx");
                                                				asm("repne inc ecx");
                                                				asm("inc ecx");
                                                				asm("repne inc ecx");
                                                				 *((intOrPtr*)(_t321 + 0x78)) =  *((intOrPtr*)(_t321 + 0x178));
                                                				 *((short*)(_t321 + 0x7c)) =  *(_t321 + 0x17c) & 0x0000ffff;
                                                				_t139 =  *((intOrPtr*)(_t321 + 0x17e));
                                                				 *((char*)(_t321 + 0x7e)) = _t139;
                                                				asm("movups xmm0, [ebp+0x100]");
                                                				asm("movups xmm1, [ebp+0x110]");
                                                				asm("movups [ebp], xmm0");
                                                				asm("movups xmm0, [ebp+0x120]");
                                                				asm("movups [ebp+0x10], xmm1");
                                                				asm("movups xmm1, [ebp+0x130]");
                                                				asm("movups [ebp+0x20], xmm0");
                                                				asm("movups xmm0, [ebp+0x140]");
                                                				asm("movups [ebp+0x30], xmm1");
                                                				asm("movups xmm1, [ebp+0x150]");
                                                				asm("movups [ebp+0x40], xmm0");
                                                				asm("movups xmm0, [ebp+0x160]");
                                                				asm("movups [ebp+0x50], xmm1");
                                                				asm("movsd xmm1, [ebp+0x170]");
                                                				asm("movups [ebp+0x60], xmm0");
                                                				asm("movsd [ebp+0x70], xmm1");
                                                				 *((long long*)(_t294 + 0x78)) =  *((intOrPtr*)(_t294 + 0x178));
                                                				 *((short*)(_t294 + 0x7c)) = _t139;
                                                				 *((char*)(_t294 + 0x7e)) =  *((intOrPtr*)(_t294 + 0x17e));
                                                				if ( *((intOrPtr*)(__rcx + 0x100)) == 0) goto 0xaf6018;
                                                				asm("lock xadd [ecx], eax");
                                                				if (( *(_t294 + 0x17c) & 0x0000ffff | 0xffffffff) != 1) goto 0xaf6018;
                                                				E00007FF67FF600AE8E1C( *(_t294 + 0x17c) & 0x0000ffff | 0xffffffff,  *((intOrPtr*)(__rcx + 0x108)) - 0xfe);
                                                				E00007FF67FF600AE8E1C( *(_t294 + 0x17c) & 0x0000ffff | 0xffffffff,  *((intOrPtr*)(__rcx + 0x110)) + 0xffffff80);
                                                				E00007FF67FF600AE8E1C( *(_t294 + 0x17c) & 0x0000ffff | 0xffffffff,  *((intOrPtr*)(__rcx + 0x118)) + 0xffffff80);
                                                				E00007FF67FF600AE8E1C( *(_t294 + 0x17c) & 0x0000ffff | 0xffffffff,  *((intOrPtr*)(__rcx + 0x100)));
                                                				_t213 =  *((intOrPtr*)(_t299 + 0x58));
                                                				 *_t213 = 1;
                                                				 *((long long*)(__rcx + 0x100)) = _t213;
                                                				 *((long long*)(__rcx)) =  *((intOrPtr*)(_t299 + 0x60));
                                                				 *((long long*)(__rcx + 0x108)) =  *((intOrPtr*)(_t299 + 0x68));
                                                				_t102 = _t321 + 0x80; // 0x80
                                                				 *((long long*)(__rcx + 0x110)) = _t102;
                                                				_t104 = _t294 + 0x80; // 0x80
                                                				 *((long long*)(__rcx + 0x118)) = _t104;
                                                				_t218 =  *(_t299 + 0x50);
                                                				 *((long long*)(__rcx + 8)) =  *(_t299 + 0x50);
                                                				goto 0xaf6083;
                                                				E00007FF67FF600AE8E1C( *(_t299 + 0x50),  *((intOrPtr*)(_t299 + 0x58)));
                                                				E00007FF67FF600AE8E1C( *(_t299 + 0x50), _t318);
                                                				E00007FF67FF600AE8E1C( *(_t299 + 0x50), _t321);
                                                				E00007FF67FF600AE8E1C( *(_t299 + 0x50), _t294);
                                                				_t263 = _t314;
                                                				_t149 = E00007FF67FF600AE8E1C(_t218, _t263);
                                                				goto 0xaf60dc;
                                                				if (_t263[0x40] == 0) goto 0xaf609e;
                                                				asm("lock dec dword [eax]");
                                                				_t263[0x40] = 1;
                                                				 *_t263 = 0xb13e90;
                                                				asm("loopne 0x3");
                                                				 *0x7FF600B13E19 =  *((intOrPtr*)(0x7ff600b13e19)) + _t155;
                                                				asm("cdq");
                                                				 *_t263 =  *_t263 | _t149;
                                                				 *0xb13e90 =  *0xb13e90 + _t149;
                                                				_t263[0x44] = 0xb13e90;
                                                				_t263[0x46] = 0xb14290;
                                                				_t263[2] = 0x1;
                                                				return E00007FF67FF600AA5980(_t149, _t155,  *(_t299 + 0x98) ^ _t299);
                                                			}

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Info
                                                • String ID:
                                                • API String ID: 1807457897-0
                                                • Opcode ID: 8e0ed202863a3c7404d3e85a630362de531c2a7c708eb7437705dbbdf6b9117a
                                                • Instruction ID: f40f746619478f8aa197f0e64fb9a1cae5b51828aaf21febc886f19761c4a485
                                                • Opcode Fuzzy Hash: 8e0ed202863a3c7404d3e85a630362de531c2a7c708eb7437705dbbdf6b9117a
                                                • Instruction Fuzzy Hash: AC128523A08BC196E751CF2894052F973A8FB58748F259235EB9C8379BEF39E595C700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ExceptionRaise
                                                • String ID:
                                                • API String ID: 3997070919-0
                                                • Opcode ID: 8520d4aa01d68724934428e78db0d620daa9067d5f2c0f172a722713d8f4a272
                                                • Instruction ID: 59248af724255e867e4847c4bde7f2c6faf52a6c6dc88dde82c598937b45896c
                                                • Opcode Fuzzy Hash: 8520d4aa01d68724934428e78db0d620daa9067d5f2c0f172a722713d8f4a272
                                                • Instruction Fuzzy Hash: A4B16073604B448BEB25CF29C98636D77A0F745B88F258921DB5E87BA8CF3AD451CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 84%
                                                			E00007FF67FF600AF1BA0(long long __rbx, void* __rcx, void* __rdx, long long __rsi, signed int __r8, void* __r9) {
                                                				void* _t8;
                                                				void* _t9;
                                                				signed long long _t24;
                                                				signed long long _t26;
                                                				void* _t29;
                                                
                                                				 *((long long*)(_t29 + 8)) = __rbx;
                                                				 *(_t29 + 0x10) = _t24;
                                                				 *((long long*)(_t29 + 0x18)) = __rsi;
                                                				_t26 = (_t24 | 0xffffffff) + 1;
                                                				if ( *((intOrPtr*)(__rcx + _t26 * 2)) != _t9) goto 0xaf1bce;
                                                				if (_t26 + 1 -  !__r8 <= 0) goto 0xaf1c07;
                                                				asm("pushad");
                                                				return _t8;
                                                			}

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b2f846fb139afb25c982bee60ed8c23a4f68c2ba15596246e16af699e5b80ea1
                                                • Instruction ID: bb61d46a10cc16867c7f372b24b5cbe0efeb1a197aae45b90ed7daf67d31da53
                                                • Opcode Fuzzy Hash: b2f846fb139afb25c982bee60ed8c23a4f68c2ba15596246e16af699e5b80ea1
                                                • Instruction Fuzzy Hash: F651B323B08791A4F7209BB6A9405BE7BA5AB44BD4F244235EE9D87B8ADF3CD441C700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 62%
                                                			E00007FF67FF600AF89CC(void* __ecx, void* __edx, long long __rbx, long long __rcx, void* __rdx, long long __rsi, void* __r9, long long _a16, long long _a24) {
                                                				void* _v8;
                                                				signed int _v24;
                                                				void* _v264;
                                                				void* _t26;
                                                				void* _t28;
                                                				void* _t29;
                                                				signed long long _t38;
                                                				signed long long _t39;
                                                				long long _t46;
                                                				signed long long _t47;
                                                				intOrPtr _t54;
                                                				signed long long* _t66;
                                                				signed long long _t68;
                                                				void* _t70;
                                                
                                                				_t75 = __r9;
                                                				_t49 = __rcx;
                                                				_t29 = __edx;
                                                				_t28 = __ecx;
                                                				_a16 = __rbx;
                                                				_a24 = __rsi;
                                                				_t38 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_t39 = _t38 ^ _t70 - 0x00000120;
                                                				_v24 = _t39;
                                                				_t46 = __rcx;
                                                				E00007FF67FF600AEA310(_t39, __rcx, __rcx, __rdx, __rsi, __r9);
                                                				_t68 = _t39;
                                                				E00007FF67FF600AEA310(_t39, _t46, _t49, __rdx, _t68, __r9);
                                                				_t66 =  *((intOrPtr*)(_t39 + 0x3a0));
                                                				E00007FF67FF600AF8AD4(_t46, __rdx);
                                                				r9d = 0x78;
                                                				_t47 = _t39;
                                                				asm("sbb edx, edx");
                                                				GetLocaleInfoW(??, ??, ??, ??);
                                                				if (_t39 != 0) goto 0xaf8a47;
                                                				 *_t66 =  *_t66 & _t39;
                                                				ds =  *0x8B4868EB48000001;
                                                				E00007FF67FF600ACE450(0x1, _t39);
                                                				_t54 =  *((intOrPtr*)(_t68 + 0xb0));
                                                				if (0x1 != 0) goto 0xaf8a6b;
                                                				if (_t54 != 0) goto 0xaf8a9c;
                                                				goto 0xaf8a8e;
                                                				if (_t54 != 0) goto 0xaf8aa5;
                                                				if ( *((intOrPtr*)(_t68 + 0xac)) == _t54) goto 0xaf8aa5;
                                                				E00007FF67FF600ACE450(0x1,  *((intOrPtr*)(_t68 + 0x98)));
                                                				if (0x1 != 0) goto 0xaf8aa5;
                                                				_t26 = E00007FF67FF600AF8BF8(_t28, _t29, 0x1, _t47, _t47, 0, _t68, _t75);
                                                				if (0x1 == 0) goto 0xaf8aa5;
                                                				 *_t66 =  *_t66 | 0x00000004;
                                                				_t66[0] = _t47;
                                                				_t66[1] = _t47;
                                                				return E00007FF67FF600AA5980(_t26, _t28, _v24 ^ _t70 - 0x00000120);
                                                			}


















                                                APIs
                                                  • Part of subcall function 00007FF600AEA310: GetLastError.KERNEL32(?,?,?,00007FF600ABD27F,?,?,?,00007FF600ACE4E7), ref: 00007FF600AEA31F
                                                  • Part of subcall function 00007FF600AEA310: SetLastError.KERNEL32(?,?,?,00007FF600ABD27F,?,?,?,00007FF600ACE4E7), ref: 00007FF600AEA3BD
                                                • GetLocaleInfoW.KERNEL32 ref: 00007FF600AF8A34
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$InfoLocale
                                                • String ID:
                                                • API String ID: 3736152602-0
                                                • Opcode ID: 673631853fb50ac6e3f60e7cb1d444cc3513e331558ce1049eb050b2e6a85dd4
                                                • Instruction ID: 978415ce68781cb9ce56f7ed75d0ae5c4eb9e8f9e4801ed04c3d80f1eba11e45
                                                • Opcode Fuzzy Hash: 673631853fb50ac6e3f60e7cb1d444cc3513e331558ce1049eb050b2e6a85dd4
                                                • Instruction Fuzzy Hash: 2331C333B0868296EB28DB61D8413BA73A5FB89780F258035DA5EC378ADF3CE4018700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 61%
                                                			E00007FF67FF600AF85F0(signed char __ecx, signed int __edx, signed long long __rax, long long __rbx, long long __rcx, void* __rdx, signed int __r8, void* __r9, long long _a8) {
                                                				signed int _t32;
                                                				signed char _t33;
                                                				signed char _t34;
                                                				signed char _t35;
                                                				signed int _t36;
                                                				signed short* _t39;
                                                				signed int _t47;
                                                				signed long long _t49;
                                                				long long* _t55;
                                                				signed short** _t63;
                                                				void* _t66;
                                                				signed long long _t71;
                                                				signed long long _t75;
                                                
                                                				_t49 = __rax;
                                                				_t36 = __edx;
                                                				_t35 = __ecx;
                                                				_a8 = __rbx;
                                                				_t55 = __rcx;
                                                				E00007FF67FF600AEA310(__rax, __rcx, __rcx, __rdx, _t66, __r9);
                                                				_t71 = __r8 | 0xffffffff;
                                                				_t2 = _t49 + 0x98; // 0x98
                                                				_t63 = _t2;
                                                				_t75 = _t71 + 1;
                                                				if (( *_t63)[_t75] != _t39) goto 0xaf8615;
                                                				_t63[3] = 0;
                                                				if (_t63[1][_t71 + 1] != _t39) goto 0xaf862f;
                                                				r8d = 2;
                                                				_t63[3] = 0;
                                                				 *((long long*)(_t55 + 4)) = 0;
                                                				if (_t63[3] != 0) goto 0xaf867e;
                                                				r10d = _t39;
                                                				r9d =  *( *_t63) & 0x0000ffff;
                                                				_t16 = _t75 - 0x41; // 0x58
                                                				_t32 = _t16;
                                                				if (_t32 - 0x19 <= 0) goto 0xaf8676;
                                                				r9w = r9w - 0x61;
                                                				if (r9w - 0x19 > 0) goto 0xaf867b;
                                                				r10d =  &(r10d[0]);
                                                				goto 0xaf8659;
                                                				r8d = r10d;
                                                				_t63[2] = r8d;
                                                				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) + _t32;
                                                				_t47 = _t35 & 0x00000007;
                                                				asm("bt ecx, 0x9");
                                                				_t33 = _t32 & 0xffffff00 | _t47 > 0x00000000;
                                                				asm("bt ecx, 0x8");
                                                				_t34 = _t33 & 0xffffff00 | _t47 > 0x00000000;
                                                				if ((_t34 & (_t36 & 0xffffff00 | _t47 != 0x00000000) & _t33) != 0) goto 0xaf86b2;
                                                				 *_t55 = 0;
                                                				return _t34;
                                                			}

















                                                APIs
                                                  • Part of subcall function 00007FF600AEA310: GetLastError.KERNEL32(?,?,?,00007FF600ABD27F,?,?,?,00007FF600ACE4E7), ref: 00007FF600AEA31F
                                                  • Part of subcall function 00007FF600AEA310: SetLastError.KERNEL32(?,?,?,00007FF600ABD27F,?,?,?,00007FF600ACE4E7), ref: 00007FF600AEA3BD
                                                • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF600AF8E27,?,00000000,00000092,?,?,00000000,?,00007FF600AE543D), ref: 00007FF600AF868E
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$EnumLocalesSystem
                                                • String ID:
                                                • API String ID: 2417226690-0
                                                • Opcode ID: 12c1d7bb6c56051116a4226746c753ee8c1640f3fe42efc60e413223609d6a56
                                                • Instruction ID: 19f8fe3881ad2430bafab11381956cd3a8c24c2fb6f4e02ab27b9a10f29a87ca
                                                • Opcode Fuzzy Hash: 12c1d7bb6c56051116a4226746c753ee8c1640f3fe42efc60e413223609d6a56
                                                • Instruction Fuzzy Hash: 6E11CD63E486459AEB548F69D0406B87BA1FB90BE4F648135C62A833DADE2CE5D1C740
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 56%
                                                			E00007FF67FF600AF8BF8(void* __ecx, void* __edx, signed long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, void* __r9, intOrPtr _a8, long long _a16, long long _a24) {
                                                				void* _t12;
                                                				void* _t13;
                                                				long long _t28;
                                                				void* _t40;
                                                				signed short* _t49;
                                                
                                                				_t13 = __ecx;
                                                				_a16 = __rbx;
                                                				_a24 = __rsi;
                                                				_t28 = __rcx;
                                                				_t12 = E00007FF67FF600AEA310(__rax, __rcx, __rcx, __rdx, __rdx, __r9);
                                                				r9d = 2;
                                                				asm("bts ecx, 0xa");
                                                				asm("adc eax, 0xe9c3");
                                                				r10d = 0;
                                                				if (__rax == 0) goto 0xaf8c91;
                                                				if (_t28 == _a8) goto 0xaf8c8a;
                                                				if (__rdx == 0) goto 0xaf8c8a;
                                                				_t49 =  *((intOrPtr*)(_t40 + 0x98));
                                                				r8d = r10d;
                                                				if (_t12 - 0x19 <= 0) goto 0xaf8c6b;
                                                				if (( *_t49 & 0x0000ffff) - 0x61 - 0x19 > 0) goto 0xaf8c77;
                                                				r8d = r8d + 1;
                                                				goto 0xaf8c58;
                                                				if (_t49[( &(_t49[2]) | 0xffffffff) + 1] != r10w) goto 0xaf8c7b;
                                                				if (r8d == _t13) goto 0xaf8c91;
                                                				return _t12;
                                                			}









                                                APIs
                                                  • Part of subcall function 00007FF600AEA310: GetLastError.KERNEL32(?,?,?,00007FF600ABD27F,?,?,?,00007FF600ACE4E7), ref: 00007FF600AEA31F
                                                  • Part of subcall function 00007FF600AEA310: SetLastError.KERNEL32(?,?,?,00007FF600ABD27F,?,?,?,00007FF600ACE4E7), ref: 00007FF600AEA3BD
                                                • GetLocaleInfoW.KERNEL32(?,?,?,00007FF600AF897D), ref: 00007FF600AF8C2F
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$InfoLocale
                                                • String ID:
                                                • API String ID: 3736152602-0
                                                • Opcode ID: 9fbc0463090328315cbcf954a53b042a9dd66fda6aec79c4d662850213bee28a
                                                • Instruction ID: f0f4de9c504033090a2fdc2d31b35e64ad67f687d49252d97f298f9a8cd5f44a
                                                • Opcode Fuzzy Hash: 9fbc0463090328315cbcf954a53b042a9dd66fda6aec79c4d662850213bee28a
                                                • Instruction Fuzzy Hash: F1115C33A5D59292E7644752D04167E2364EB00760F244232DB2D877CECF3DE4828740
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 63%
                                                			E00007FF67FF600AF86C0(void* __ecx, void* __edx, signed long long __rax, long long __rbx, long long __rcx, void* __rdx, signed int __r8, long long _a8) {
                                                				void* _t12;
                                                				intOrPtr _t17;
                                                				signed char* _t26;
                                                				signed short* _t31;
                                                				void* _t35;
                                                				signed long long _t41;
                                                				void* _t42;
                                                
                                                				_a8 = __rbx;
                                                				_t26 = __rcx;
                                                				E00007FF67FF600AEA310(__rax, __rcx, __rcx, __rdx, _t35, _t42);
                                                				_t31 =  *((intOrPtr*)(__rax + 0x98));
                                                				_t41 = (__r8 | 0xffffffff) + 1;
                                                				if (_t31[_t41] != _t17) goto 0xaf86e2;
                                                				_t31[0x58] = 0;
                                                				if (_t41 == 3) goto 0xaf872b;
                                                				r9d = _t17;
                                                				r8d =  *_t31 & 0x0000ffff;
                                                				_t12 = _t41 - 0x41;
                                                				if (_t12 - 0x19 <= 0) goto 0xaf8723;
                                                				r8w = r8w - 0x61;
                                                				if (r8w - 0x19 > 0) goto 0xaf8728;
                                                				r9d = r9d + 1;
                                                				goto 0xaf8706;
                                                				 *((intOrPtr*)(__rax + 0xac)) = r9d;
                                                				dil = dil + dil;
                                                				asm("adc eax, 0xeecc");
                                                				if (( *_t26 & 0x00000004) != 0) goto 0xaf874b;
                                                				 *_t26 = 0;
                                                				return _t12 +  *((intOrPtr*)(0));
                                                			}











                                                APIs
                                                  • Part of subcall function 00007FF600AEA310: GetLastError.KERNEL32(?,?,?,00007FF600ABD27F,?,?,?,00007FF600ACE4E7), ref: 00007FF600AEA31F
                                                  • Part of subcall function 00007FF600AEA310: SetLastError.KERNEL32(?,?,?,00007FF600ABD27F,?,?,?,00007FF600ACE4E7), ref: 00007FF600AEA3BD
                                                • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF600AF8DE3,?,00000000,00000092,?,?,00000000,?,00007FF600AE543D), ref: 00007FF600AF873E
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$EnumLocalesSystem
                                                • String ID:
                                                • API String ID: 2417226690-0
                                                • Opcode ID: 219eb37c5c9e095f572d5ff1b3f92041622900217aa2d3861ccb734721c19170
                                                • Instruction ID: 2e0ebc415c23be65091c7ac7947b5bc82b850dace12e7226ca4806623a0859f3
                                                • Opcode Fuzzy Hash: 219eb37c5c9e095f572d5ff1b3f92041622900217aa2d3861ccb734721c19170
                                                • Instruction Fuzzy Hash: 83012873F0C28296E7105F65E4407B976D5EB50BA4F758231D269877CADF7DA480CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 58%
                                                			E00007FF67FF600AEC1C8(void* __edx, long long __rbx, void* __rdx, intOrPtr* __r8, long long __r9, long long _a8, long long _a32) {
                                                				void* _t5;
                                                				long long _t19;
                                                
                                                				_a8 = __rbx;
                                                				_a32 = __r9;
                                                				E00007FF67FF600AF087C();
                                                				asm("enter 0x334c, 0xc2");
                                                				 *0xb36920 =  *((intOrPtr*)( *__r8));
                                                				asm("invalid");
                                                				asm("invalid");
                                                				asm("adc eax, 0x1b3f3");
                                                				_t19 =  *0xb2fde8; // 0xc4f55cf73642
                                                				 *0xb36920 = _t19;
                                                				E00007FF67FF600AF08D0();
                                                				return _t5;
                                                			}






                                                APIs
                                                • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF600AED081,?,?,?,?,?,?,?,?,00000000,00007FF600AF7B10), ref: 00007FF600AEC217
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: EnumLocalesSystem
                                                • String ID:
                                                • API String ID: 2099609381-0
                                                • Opcode ID: a41542a6186c3b9737bbd801b3c1c233e7a75171b7bbe284fb1296c9de023619
                                                • Instruction ID: cfb3e404a1200476200acd73013999abe3d49be64a653fd50e07cc3044a45952
                                                • Opcode Fuzzy Hash: a41542a6186c3b9737bbd801b3c1c233e7a75171b7bbe284fb1296c9de023619
                                                • Instruction Fuzzy Hash: 06F06972A08A45A3E700CB19E8406A93366EB9D7C0F248135DA0EC336ADF3CD8918340
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 50%
                                                			E00007FF67FF600AF856C(void* __edx, signed long long __rax, long long __rbx, long long __rcx, signed int __rdx, long long _a8) {
                                                				int _t11;
                                                				void* _t13;
                                                				signed char* _t21;
                                                				void* _t30;
                                                				void* _t35;
                                                
                                                				_a8 = __rbx;
                                                				_t21 = __rcx;
                                                				E00007FF67FF600AEA310(__rax, __rcx, __rcx, __rdx, _t30, _t35);
                                                				if ( *((intOrPtr*)( *((intOrPtr*)(__rax + 0xa0)) + ((__rdx | 0xffffffff) + 1) * 2)) != _t13) goto 0xaf858e;
                                                				 *0x000000B4 = 0;
                                                				_t11 = EnumSystemLocalesW(??, ??);
                                                				if (( *_t21 & 0x00000004) != 0) goto 0xaf85c0;
                                                				 *_t21 = 0;
                                                				return _t11;
                                                			}









                                                APIs
                                                  • Part of subcall function 00007FF600AEA310: GetLastError.KERNEL32(?,?,?,00007FF600ABD27F,?,?,?,00007FF600ACE4E7), ref: 00007FF600AEA31F
                                                  • Part of subcall function 00007FF600AEA310: SetLastError.KERNEL32(?,?,?,00007FF600ABD27F,?,?,?,00007FF600ACE4E7), ref: 00007FF600AEA3BD
                                                • EnumSystemLocalesW.KERNEL32 ref: 00007FF600AF85B3
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$EnumLocalesSystem
                                                • String ID:
                                                • API String ID: 2417226690-0
                                                • Opcode ID: 4f35de9b6803554e2eaf2e29f6402ca17a1d069863b106195f2838cf3ba6fb50
                                                • Instruction ID: 1241d439d47bc337f31a8cc2f9643ca8023ec6eacf17ded2967e3e744a3ba0a7
                                                • Opcode Fuzzy Hash: 4f35de9b6803554e2eaf2e29f6402ca17a1d069863b106195f2838cf3ba6fb50
                                                • Instruction Fuzzy Hash: 47F05463A0868552EB105F65E540369BAE5EB51BA0F258231D679833EADF7CD4808701
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 68%
                                                			E00007FF67FF600AEC2EC(void* __rcx) {
                                                				signed int* _t4;
                                                				signed long long _t8;
                                                				signed long long _t13;
                                                
                                                				_t13 =  *0xb2fde8; // 0xc4f55cf73642
                                                				asm("enter 0x8b48, 0x2");
                                                				asm("dec eax");
                                                				 *0xb36920 =  *_t4 ^ _t13;
                                                				 *_t4 = _t4 +  *_t4;
                                                				_t8 =  *0xb2fde8; // 0xc4f55cf73642
                                                				 *0xb36920 = _t8;
                                                				return r8d;
                                                			}







                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: EnumLocalesSystem
                                                • String ID:
                                                • API String ID: 2099609381-0
                                                • Opcode ID: e6e8d84d63df8e63a82d0d13ffa6a70c62a5e998ed7f7eb6ca94c190ba9b7f8e
                                                • Instruction ID: ba30e0dc3d80222b97c32a0ec88a1a85c4f358fa446d09bc98452789c8950a9e
                                                • Opcode Fuzzy Hash: e6e8d84d63df8e63a82d0d13ffa6a70c62a5e998ed7f7eb6ca94c190ba9b7f8e
                                                • Instruction Fuzzy Hash: 93E012A5B59A02A1FB04DB15EC552753361AB9EBD0F609136D90EC7328DF3DD4968300
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: EnumLocalesSystem
                                                • String ID:
                                                • API String ID: 2099609381-0
                                                • Opcode ID: a7f3c290f57d5791c414e21ce719c86892a4a7ef8406031881f20a7ad22c9ade
                                                • Instruction ID: 5fbb42c0cb7a4227b8e85822b0db2eda5742ae626d3eb9bb14eee6ddc907764b
                                                • Opcode Fuzzy Hash: a7f3c290f57d5791c414e21ce719c86892a4a7ef8406031881f20a7ad22c9ade
                                                • Instruction Fuzzy Hash: 8DE08661E59A43A2E7049B41FC507742331AFDE790FB04135D90F87328EF3EA5964300
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00007FF67FF600A7A230() {
                                                				long long _v24;
                                                				long _t4;
                                                				signed long long _t6;
                                                
                                                				_t4 = GetVersion();
                                                				if ((_t6 & 0x80000000) != 0) goto 0xa7a24d;
                                                				_v24 = 1;
                                                				goto 0xa7a255;
                                                				_v24 = 0;
                                                				return _t4;
                                                			}







                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Version
                                                • String ID:
                                                • API String ID: 1889659487-0
                                                • Opcode ID: 3d727bdde7665e745d9c4b5f05e7e3c57a6d5b39fe0d9a26b38765753eebf77f
                                                • Instruction ID: 33ed5a396777b8faed09b606b2c57c91ae78ab1c17ccc63fe8cfeda1c69d3d25
                                                • Opcode Fuzzy Hash: 3d727bdde7665e745d9c4b5f05e7e3c57a6d5b39fe0d9a26b38765753eebf77f
                                                • Instruction Fuzzy Hash: B6D0C972D0C582E7F3305B44D80536AA7A0BBE5308F640234EA9D8976EDF7EE5548E45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 84%
                                                			E00007FF67FF600AEA720(void* __rax, long long __rbx, unsigned int* __rcx, signed char* __rdx, long long __rsi, signed int __r8, void* __r9) {
                                                				void* __rdi;
                                                				void* _t67;
                                                				intOrPtr _t74;
                                                				void* _t75;
                                                				signed char _t77;
                                                				signed int _t78;
                                                				signed int _t79;
                                                				signed int _t80;
                                                				signed int _t81;
                                                				void* _t82;
                                                				signed char _t86;
                                                				signed char* _t101;
                                                				void* _t107;
                                                				unsigned long long _t125;
                                                				signed char* _t130;
                                                				void* _t147;
                                                				signed char* _t165;
                                                				signed char* _t178;
                                                				intOrPtr* _t179;
                                                				signed long long _t184;
                                                				signed long long _t185;
                                                				signed long long _t186;
                                                				void* _t205;
                                                				long long _t206;
                                                				signed char* _t207;
                                                				void* _t208;
                                                				long long _t216;
                                                				intOrPtr* _t218;
                                                				signed int* _t219;
                                                				void* _t221;
                                                				void* _t222;
                                                				signed int* _t227;
                                                				signed int* _t228;
                                                				signed int* _t229;
                                                				signed int* _t232;
                                                				void* _t233;
                                                				void* _t235;
                                                				void* _t237;
                                                				void* _t239;
                                                				long long _t241;
                                                				char* _t242;
                                                				void* _t243;
                                                				void* _t246;
                                                				unsigned int* _t247;
                                                
                                                				_t235 = _t221;
                                                				 *((long long*)(_t235 + 8)) = __rbx;
                                                				 *((long long*)(_t235 + 0x10)) = _t216;
                                                				 *((long long*)(_t235 + 0x18)) = __rsi;
                                                				_push(_t205);
                                                				_push(_t237);
                                                				_t222 = _t221 - 0x70;
                                                				r14d = 0;
                                                				 *__rdx = r14b;
                                                				_t165 = __rdx;
                                                				_t247 = __rcx;
                                                				_t206 =  >=  ?  *((intOrPtr*)(_t222 + 0xc8)) : _t205;
                                                				_t67 = E00007FF67FF600ABD240( *((intOrPtr*)(_t222 + 0xc8)), __rdx, _t235 - 0x48,  *((intOrPtr*)(_t222 + 0xe0)), __r8, _t246);
                                                				_t7 = _t206 + 0xb; // 0xb
                                                				_t125 = _t7;
                                                				if (__r8 - _t67 > 0) goto 0xaea78e;
                                                				E00007FF67FF600AE8D04(_t125);
                                                				_t8 = _t241 + 0x22; // 0x22
                                                				 *_t125 = _t206;
                                                				E00007FF67FF600ACE12C();
                                                				goto 0xaeaa6d;
                                                				if ((_t125 >> 0x00000034 & 0x000007ff) != 0x7ff) goto 0xaea82a;
                                                				 *((long long*)(_t222 + 0x48)) =  *((intOrPtr*)(_t222 + 0xe8));
                                                				_t225 = __r8;
                                                				 *((long long*)(_t222 + 0x40)) = _t241;
                                                				 *((long long*)(_t222 + 0x38)) =  *((intOrPtr*)(_t222 + 0xd8));
                                                				_t130 =  *((intOrPtr*)(_t222 + 0xc0));
                                                				 *(_t222 + 0x30) = r14b;
                                                				 *((long long*)(_t222 + 0x28)) = _t206;
                                                				 *(_t222 + 0x20) = _t130;
                                                				E00007FF67FF600AEAAA0(_t165, __rcx, _t165, __r8, __r8, _t233);
                                                				_t207 = _t130;
                                                				_t101 = _t130;
                                                				if (_t101 == 0) goto 0xaea7f9;
                                                				 *_t165 = r14b;
                                                				goto 0xaeaa6d;
                                                				if (_t101 != 0) goto 0xaea7b7;
                                                				 *_t130 =  &(_t130[ *_t130]);
                                                				if (_t130 == 0) goto 0xaeaa6a;
                                                				_t86 = (( *(_t222 + 0xd0) ^ 0x00000001) << 5) + 0x50;
                                                				 *_t130 = _t86;
                                                				_t130[3] = r14b;
                                                				goto 0xaeaa6a;
                                                				 *0x79C98547C3FF4830 =  *0x79C98547C3FF4830 | _t86;
                                                				_t23 =  &(_t165[1]); // 0x3
                                                				_t218 = _t23;
                                                				r12d = 0x3ff;
                                                				r13d = ( *(_t222 + 0xd0) ^ 0x00000001) & 0x000000ff;
                                                				r9d = 0x30;
                                                				if ((0x00000000 &  *_t247) != 0) goto 0xaea893;
                                                				 *_t165 = r9b;
                                                				asm("dec ebp");
                                                				r12d = r12d & 0x000003fe;
                                                				goto 0xaea896;
                                                				 *_t165 = 0x31;
                                                				_t26 = _t218 + 1; // 0x3
                                                				_t242 = _t26;
                                                				if (_t207 != 0) goto 0xaea8a4;
                                                				goto 0xaea8b5;
                                                				_t74 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t222 + 0x58)) + 0xf8))))));
                                                				 *_t218 = _t74;
                                                				if (( *_t247 & 0xffffffff) <= 0) goto 0xaea952;
                                                				r8d = r9w & 0xffffffff;
                                                				if (_t207 <= 0) goto 0xaea902;
                                                				_t75 = _t74 + r9w;
                                                				_t107 = _t75 - 0x39;
                                                				if (_t107 <= 0) goto 0xaea8ef;
                                                				 *_t242 = _t75 + r13d;
                                                				_t208 = _t207 - 1;
                                                				_t243 = _t242 + 1;
                                                				r8w = r8w + 0xfffc;
                                                				if (_t107 >= 0) goto 0xaea8cf;
                                                				if (r8w < 0) goto 0xaea952;
                                                				r9d =  *((intOrPtr*)(_t222 + 0xe8));
                                                				_t77 = E00007FF67FF600AEB1A8(_t75 + r13d, _t82, 0, _t247, 0 >> 4, _t208, (__r8 << 5) + 7, _t218, _t241, _t239);
                                                				r9d = 0x30;
                                                				if (_t77 == 0) goto 0xaea952;
                                                				_t32 = _t243 - 1; // 0x3
                                                				_t178 = _t32;
                                                				if ((_t77 & 0x000000df) != 0) goto 0xaea937;
                                                				 *_t178 = r9b;
                                                				_t179 = _t178 - 1;
                                                				goto 0xaea926;
                                                				if (_t179 == _t218) goto 0xaea94f;
                                                				if ( *_t178 != 0x39) goto 0xaea947;
                                                				sil = sil + 0x3a;
                                                				goto 0xaea94a;
                                                				 *_t179 = sil;
                                                				goto 0xaea952;
                                                				 *((char*)(_t179 - 1)) =  *((char*)(_t179 - 1)) + 1;
                                                				if (_t208 <= 0) goto 0xaea96b;
                                                				r8d = _t8;
                                                				_t78 = E00007FF67FF600AA7EF0(_t77, r9b, _t243, 0 >> 4, _t225);
                                                				_t219 =  !=  ? _t243 + _t208 : _t218;
                                                				r13b = r13b << 5;
                                                				r13b = r13b + 0x50;
                                                				 *_t219 = r13b;
                                                				_t39 =  &(_t219[0]); // 0x4
                                                				_t232 = _t39;
                                                				if ( *_t218 - _t82 >= 0) goto 0xaea99e;
                                                				_t184 = _t237 - ( *_t247 >> 0x00000034 & 0x000007ff);
                                                				_t147 =  <  ? 0x48f633450000002d : 0x2b;
                                                				_t219[0] = _t78;
                                                				 *_t232 = 0x30;
                                                				if (_t184 - 0x3e8 < 0) goto 0xaea9f1;
                                                				_t42 =  &(_t232[0]); // 0x5
                                                				_t227 = _t42;
                                                				_t79 = _t78 * _t184;
                                                				 *_t232 = _t79;
                                                				_t185 = _t184 + 0x175b7544c2bc870;
                                                				if (_t227 != _t232) goto 0xaea9fc;
                                                				if (_t185 - 0x64 < 0) goto 0xaeaa2a;
                                                				_t80 = _t79 * _t185;
                                                				 *_t227 = _t80;
                                                				_t228 =  &(_t227[0]);
                                                				_t186 = _t185 + ((0x175b75a + _t185 >> 6) + (0x175b75a + _t185 >> 6 >> 0x3f)) * 0xffffff9c;
                                                				if (_t228 != _t232) goto 0xaeaa35;
                                                				if (_t186 - 0xa < 0) goto 0xaeaa60;
                                                				_t81 = _t80 * _t186;
                                                				 *_t228 = _t81;
                                                				_t229 =  &(_t228[0]);
                                                				 *_t229 = r8b + 0x30;
                                                				_t229[0] = r14b;
                                                				if ( *((intOrPtr*)(_t222 + 0x68)) == r14b) goto 0xaeaa80;
                                                				 *( *((intOrPtr*)(_t222 + 0x50)) + 0x3a8) =  *( *((intOrPtr*)(_t222 + 0x50)) + 0x3a8) & 0xfffffffd;
                                                				return _t81;
                                                 			}

                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: gfffffff
                                                • API String ID: 0-1523873471
                                                • Opcode ID: 4b09da894ff4a5c2b6b9f214abffdc3a29621b19cc545953aa57769cdb2db590
                                                • Instruction ID: fe8bd078ea27cd7faf1c91dfb3ace71235cc9a6bb4cb170efb998c6e0f51c28e
                                                • Opcode Fuzzy Hash: 4b09da894ff4a5c2b6b9f214abffdc3a29621b19cc545953aa57769cdb2db590
                                                • Instruction Fuzzy Hash: C4912763B097C65AEB15CB2994107B97B91AB61BC4F258032CE4D8778BEE3CF502C702
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 94%
                                                			E00007FF67FF600AEB2C8(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9, void* __r14, intOrPtr _a40, intOrPtr _a48, void* _a64) {
                                                				void* _t19;
                                                				unsigned long long _t21;
                                                				intOrPtr _t29;
                                                				void* _t38;
                                                
                                                				_t19 = _t38;
                                                				 *((long long*)(_t19 + 8)) = __rbx;
                                                				 *((long long*)(_t19 + 0x10)) = __rbp;
                                                				 *((long long*)(_t19 + 0x18)) = __rsi;
                                                				 *((long long*)(_t19 + 0x20)) = __rdi;
                                                				if (__rdx != 0) goto 0xaeb30a;
                                                				E00007FF67FF600AE8D04(_t19);
                                                				asm("invalid");
                                                				goto 0xaeb5ce;
                                                				if (__r8 == 0) goto 0xaeb2f2;
                                                				if (__r9 == 0) goto 0xaeb2f2;
                                                				if (_a40 == 0) goto 0xaeb2f2;
                                                				_t29 = _a48;
                                                				if (_t29 == 0x41) goto 0xaeb33a;
                                                				_t21 = _t29 - 0x45;
                                                				if (_t21 - 2 <= 0) goto 0xaeb33a;
                                                				r11b = 0;
                                                				goto 0xaeb33d;
                                                				r11b = 1;
                                                				if ((r8b & 0x00000008) != 0) goto 0xaeb432;
                                                				if ((_t21 >> 0x00000034 & 0x000007ff) != 0x7ff) goto 0xaeb432;
                                                				r8d = 0xc;
                                                 			}

                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CurrentFeaturePresentProcessProcessor
                                                • String ID: -
                                                • API String ID: 1010374628-2547889144
                                                • Opcode ID: 07db88fc6cc789df9ac3736d80a9e4567e4e2b8d82cc472b2ffcffde63f02fcc
                                                • Instruction ID: 660d916f3b0f6ebd17bb49d65fe761de9e5a070348c3295fbbde6995c7ab8880
                                                • Opcode Fuzzy Hash: 07db88fc6cc789df9ac3736d80a9e4567e4e2b8d82cc472b2ffcffde63f02fcc
                                                • Instruction Fuzzy Hash: FE91F373A187C596EB30CB25950837AB691FB55B90F644235EA9D87BDEEF3CE4008B10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 54%
                                                			E00007FF67FF600AC54E8(long long __rbx, unsigned int __rcx, long long __rsi, long long __rbp, void* __r10, long long _a16, long long _a24, long long _a32) {
                                                				void* _v40;
                                                				signed long long _v48;
                                                				void* _v52;
                                                				signed int _v56;
                                                				void* _v72;
                                                				void* __rdi;
                                                				void* _t71;
                                                				signed char _t73;
                                                				void* _t80;
                                                				void* _t87;
                                                				signed char _t89;
                                                				signed char _t90;
                                                				void* _t94;
                                                				short _t95;
                                                				void* _t96;
                                                				void* _t97;
                                                				signed long long _t137;
                                                				signed long long _t139;
                                                				long long _t155;
                                                				unsigned int _t157;
                                                				signed long long _t178;
                                                				void* _t190;
                                                				signed long long _t191;
                                                				void* _t193;
                                                				void* _t199;
                                                				signed long long _t202;
                                                
                                                				_t185 = __rbp;
                                                				_t157 = __rcx;
                                                				_t155 = __rbx;
                                                				_a16 = __rbx;
                                                				_a24 = __rbp;
                                                				_a32 = __rsi;
                                                				_t191 = _t190 - 0x40;
                                                				_t137 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_v48 = _t137 ^ _t191;
                                                				_t139 =  *(__rcx + 0x42) & 0x0000ffff;
                                                				asm("outsb");
                                                				asm("loopne 0x46");
                                                				_t97 = _t71 - 0x64;
                                                				if (_t97 > 0) goto 0xac5591;
                                                				if (_t97 == 0) goto 0xac560f;
                                                				if (_t71 == 0x41) goto 0xac5622;
                                                				if (_t71 == 0x43) goto 0xac557b;
                                                				if (_t71 - 0x44 <= 0) goto 0xac562b;
                                                				if (_t71 - 0x47 <= 0) goto 0xac5622;
                                                				if (_t71 == 0x53) goto 0xac55cb;
                                                				if (_t71 == _t96) goto 0xac55e0;
                                                				if (_t71 == 0x5a) goto 0xac5587;
                                                				if (_t71 == 0x61) goto 0xac5622;
                                                				if (_t71 != 0x63) goto 0xac562b;
                                                				E00007FF67FF600AC846C(__rbx, __rcx, 0x78);
                                                				goto 0xac5627;
                                                				_t73 = E00007FF67FF600AC6464(_t89, _t155, __rcx, 0x78);
                                                				goto 0xac5627;
                                                				if (_t73 - 0x67 <= 0) goto 0xac5622;
                                                				if (_t73 == 0x69) goto 0xac560f;
                                                				if (_t73 == 0x6e) goto 0xac5608;
                                                				if (_t73 == 0x6f) goto 0xac55ea;
                                                				if (_t73 == 0x70) goto 0xac55d2;
                                                				if (_t73 == 0x73) goto 0xac55cb;
                                                				if (_t73 == 0x75) goto 0xac5613;
                                                				if (_t73 != _t95) goto 0xac562b;
                                                				 *_t139 =  *_t139 + _t73;
                                                				goto 0xac5627;
                                                				 *((long long*)(_t157 + 0x38)) = 0x10;
                                                				 *((long long*)(_t157 + 0x3c)) = 0xb;
                                                				r8b = r15b;
                                                				 *(_t155 + 0x5e8c1c1) =  *(_t155 + 0x5e8c1c1) ^ _t89;
                                                				if ((r15b & _t73) == 0) goto 0xac55fe;
                                                				asm("bts ecx, 0x7");
                                                				 *(_t155 + 0x30) = _t157;
                                                				asm("adc al, ch");
                                                				asm("sbb [ebx-0x45efcfb7], al");
                                                				 *_t139 =  *_t139 + (_t73 |  *_t139);
                                                				r8d = 0;
                                                				E00007FF67FF600AC9638(_t87 + bpl, _t90, _t94, _t95, r15b & _t73, _t139, _t155, _t157 -  *_t157, __rbp, _t193, _t199);
                                                				goto 0xac5627;
                                                				if (E00007FF67FF600AC7814(_t90, _t95, _t155, _t157 -  *_t157, 0x8dd98b4800000001, 0x78, _t185) != 0) goto 0xac5632;
                                                				goto 0xac579d;
                                                				if ( *((long long*)(_t155 + 0x47c)) != 2) goto 0xac5648;
                                                				if ( *((intOrPtr*)(_t155 + 0x478)) == r15d) goto 0xac579a;
                                                				if ( *((char*)(_t155 + 0x40)) != 0) goto 0xac579a;
                                                				 *((long long*)(_t191 + 0x30)) = 0;
                                                				 *((short*)(_t191 + 0x34)) = 0;
                                                				r13d = 0x20;
                                                				if ((r15b & 0) == 0) goto 0xac56a2;
                                                				if ((r15b & 0) == 0) goto 0xac5684;
                                                				 *((short*)(_t191 + 0x30)) = 0;
                                                				goto 0xac569f;
                                                				if ((r15b & _t90) == 0) goto 0xac5690;
                                                				if ((r15b & 0) == 0) goto 0xac56a2;
                                                				 *((intOrPtr*)(_t191 + 0x30)) = r13w;
                                                				_t178 = _t202;
                                                				r9d = 0xffdf;
                                                				if ((r9w & 0 - _t96) != 0) goto 0xac56c7;
                                                				if ((r15b & 0) == 0) goto 0xac56c7;
                                                				r8b = r15b;
                                                				goto 0xac56ca;
                                                				r8b = 0;
                                                				r12d = 0x30;
                                                				if (r8b != 0) goto 0xac56e3;
                                                				if (0 == 0) goto 0xac5700;
                                                				 *((intOrPtr*)(_t191 + 0x30 + _t178 * 2)) = r12w;
                                                				if (_t89 == _t96) goto 0xac56f4;
                                                				if (_t89 != 0x41) goto 0xac56f7;
                                                				 *((short*)(_t191 + 0x32 + _t178 * 2)) = _t95;
                                                				_t183 = _t155 + 0x468;
                                                				if ((_t90 & 0x0000000c) != 0) goto 0xac5729;
                                                				r8d = _t96;
                                                				_t80 = E00007FF67FF600ABC8A4(r13b, _t155, _t155 + 0x468, _t178 + 2, _t155 + 0x28, __r10, _t191);
                                                				r8d = _t94;
                                                				 *((long long*)(_t191 + 0x20)) = _t155 + 0x10;
                                                				E00007FF67FF600ACD400(_t80, _t95, _t155, _t155 + 0x468, _t155 + 0x468,  *((intOrPtr*)(_t155 + 0x34)) -  *((intOrPtr*)(_t155 + 0x50)) - _t178 + 2, _t155 + 0x28);
                                                				if ((r15b & 0) == 0) goto 0xac576b;
                                                				if ((r15b & _t89) != 0) goto 0xac576b;
                                                				r8d = _t96;
                                                				E00007FF67FF600ABC8A4(r12b, _t155, _t155 + 0x468, _t178 + 2, _t155 + 0x28, __r10);
                                                				E00007FF67FF600ACD144(_t155, _t155, _t183,  *((intOrPtr*)(_t155 + 0x34)) -  *((intOrPtr*)(_t155 + 0x50)) - _t178 + 2);
                                                				if ( *((intOrPtr*)(_t155 + 0x28)) < 0) goto 0xac579a;
                                                				r10d =  *(_t155 + 0x30);
                                                				r10d = r10d >> 2;
                                                				if ((r15b & r10b) == 0) goto 0xac579a;
                                                				r8d = _t96;
                                                				E00007FF67FF600ABC8A4(r13b, _t155, _t183, _t178 + 2, _t155 + 0x28, __r10);
                                                				return E00007FF67FF600AA5980(r15b, _t89, _v56 ^ _t191);
                                                			}





























                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                • Opcode ID: f7f44b0d5ff8a70d9c14970bc79f4078557a4ba02e712eee94d46be3ffc146a7
                                                • Instruction ID: bcdcdbbbc7282aa95a79c6d64eb2763408623f305385e0d06644aaa5cb874f00
                                                • Opcode Fuzzy Hash: f7f44b0d5ff8a70d9c14970bc79f4078557a4ba02e712eee94d46be3ffc146a7
                                                • Instruction Fuzzy Hash: 6481F627E18A03A6EB689A394100DB96291EF40744FE95935FD4D8779FCF2DF8C38A04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 49%
                                                			E00007FF67FF600AC3CFC(long long __rbx, signed int __rcx, void* __rdx, long long __rsi, long long __rbp, signed char _a8, signed char _a10, long long _a16, long long _a24, long long _a32) {
                                                				long long _v40;
                                                				void* __rdi;
                                                				intOrPtr _t77;
                                                				signed char _t79;
                                                				signed char _t81;
                                                				signed char _t93;
                                                				signed char _t94;
                                                				signed char _t95;
                                                				void* _t99;
                                                				void* _t100;
                                                				void* _t101;
                                                				void* _t141;
                                                				signed long long _t159;
                                                				void* _t183;
                                                				void* _t184;
                                                				long long* _t186;
                                                				void* _t193;
                                                				void* _t194;
                                                				void* _t201;
                                                
                                                				_a16 = __rbx;
                                                				_a24 = __rbp;
                                                				_a32 = __rsi;
                                                				_t194 = _t193 - 0x30;
                                                				_t77 =  *((intOrPtr*)(__rcx + 0x41));
                                                				r15d = 1;
                                                				sil = 0x78;
                                                				bpl = 0x58;
                                                				r14b = 0x41;
                                                				_t101 = _t77 - 0x64;
                                                				if (_t101 > 0) goto 0xac3d83;
                                                				if (_t101 == 0) goto 0xac3def;
                                                				if (_t77 == r14b) goto 0xac3e02;
                                                				if (_t77 == 0x43) goto 0xac3d6d;
                                                				if (_t77 - 0x44 <= 0) goto 0xac3e0b;
                                                				if (_t77 - 0x47 <= 0) goto 0xac3e02;
                                                				if (_t77 == 0x53) goto 0xac3dab;
                                                				if (_t77 == bpl) goto 0xac3dc0;
                                                				if (_t77 == 0x5a) goto 0xac3d79;
                                                				if (_t77 == 0x61) goto 0xac3e02;
                                                				if (_t77 != 0x63) goto 0xac3e0b;
                                                				E00007FF67FF600AC7D38(_t77 - 0x63, __rcx, __rcx);
                                                				goto 0xac3e07;
                                                				_t79 = E00007FF67FF600AC5FBC(__rcx);
                                                				goto 0xac3e07;
                                                				if (_t79 - 0x67 <= 0) goto 0xac3e02;
                                                				if (_t79 == 0x69) goto 0xac3def;
                                                				if (_t79 == 0x6e) goto 0xac3de8;
                                                				if (_t79 == 0x6f) goto 0xac3dca;
                                                				if (_t79 == 0x70) goto 0xac3db2;
                                                				if (_t79 == 0x73) goto 0xac3dab;
                                                				if (_t79 == 0x75) goto 0xac3df3;
                                                				if (_t79 != sil) goto 0xac3e0b;
                                                				 *[gs:rax] =  *[gs:rax] + _t79;
                                                				goto 0xac3e07;
                                                				 *((long long*)(__rcx + 0x38)) = 0x10;
                                                				 *((long long*)(__rcx + 0x3c)) = 0xb;
                                                				r8b = r15b;
                                                				 *(__rcx + 0x5e8c1c1) =  *(__rcx + 0x5e8c1c1) ^ _t93;
                                                				if ((r15b & _t79) == 0) goto 0xac3dde;
                                                				asm("bts ecx, 0x7");
                                                				 *(__rcx + 0x30) = __rcx;
                                                				asm("adc al, ch");
                                                				_t159 = __rcx |  *(_t141 + _t141);
                                                				goto 0xac3e07;
                                                				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
                                                				 *0xa =  *0xa & _t93;
                                                				 *((intOrPtr*)(_t141 + 0x292de8 + _t142 * 8 - 0x3fcdf88b)) =  *((intOrPtr*)(_t141 + 0x292de8 + (_t141 + 0x292de8) * 8 - 0x3fcdf88b)) + _t79;
                                                				goto 0xac3f7d;
                                                				if ( *((long long*)(_t159 + 0x47c)) != 2) goto 0xac3e28;
                                                				if ( *((intOrPtr*)(_t159 + 0x478)) == r15d) goto 0xac3f7a;
                                                				if ( *((char*)(_t159 + 0x40)) != 0) goto 0xac3f7a;
                                                				_a8 = _t79;
                                                				_a10 = _t79;
                                                				if ((r15b & _t79) == 0) goto 0xac3e7a;
                                                				if ((r15b & _t79) == 0) goto 0xac3e5d;
                                                				_a8 = 0x2d;
                                                				goto 0xac3e77;
                                                				if ((r15b & _t95) == 0) goto 0xac3e69;
                                                				_a8 = 0x2b;
                                                				goto 0xac3e77;
                                                				if ((r15b & _t79) == 0) goto 0xac3e7a;
                                                				_a8 = 0x20;
                                                				_t183 = _t201;
                                                				_t94 =  *((intOrPtr*)(_t159 + 0x41));
                                                				_t81 = _t94 - bpl;
                                                				if ((_t81 & 0x000000df) != 0) goto 0xac3e95;
                                                				if ((r15b & _t81) == 0) goto 0xac3e95;
                                                				r8b = r15b;
                                                				goto 0xac3e98;
                                                				r8b = 0;
                                                				_t83 = _t94 - r14b;
                                                				if (r8b != 0) goto 0xac3eab;
                                                				if ((_t94 - r14b & 0xffffff00 | (_t83 & 0x000000df) == 0x00000000) == 0) goto 0xac3ec6;
                                                				 *((char*)(_t194 + _t183 + 0x50)) = 0x30;
                                                				if (_t94 == bpl) goto 0xac3eba;
                                                				if (_t94 != r14b) goto 0xac3ebd;
                                                				sil = bpl;
                                                				 *((intOrPtr*)(_t194 + _t183 + 0x51)) = sil;
                                                				_t184 = _t183 + 2;
                                                				_t191 =  *((intOrPtr*)(_t159 + 0x34)) -  *((intOrPtr*)(_t159 + 0x50)) - _t184;
                                                				if ((_t95 & 0x0000000c) != 0) goto 0xac3ee8;
                                                				r8d = _t100;
                                                				E00007FF67FF600ABC70C(0x20, _t159, _t159 + 0x468, _t184, __rsi,  *((intOrPtr*)(_t159 + 0x34)) -  *((intOrPtr*)(_t159 + 0x50)) - _t184, _t159 + 0x28);
                                                				_t200 = _t159 + 0x468;
                                                				_t186 = _t159 + 0x28;
                                                				if ((r15b & _t94) == 0) goto 0xac3f0f;
                                                				if ( *((long long*)( *((intOrPtr*)(_t159 + 0x468)) + 8)) != 0) goto 0xac3f0f;
                                                				 *_t186 =  *_t186 + _t184;
                                                				goto 0xac3f2b;
                                                				r8d = _t99;
                                                				_v40 = _t159 + 0x10;
                                                				if ((r15b & E00007FF67FF600ACD4A8(_t159, _t200,  &_a8, _t184, _t186,  *((intOrPtr*)(_t159 + 0x34)) -  *((intOrPtr*)(_t159 + 0x50)) - _t184, _t186)) == 0) goto 0xac3f50;
                                                				if ((r15b & _t94) != 0) goto 0xac3f50;
                                                				r8d = _t100;
                                                				E00007FF67FF600ABC70C(0x30, _t159, _t200, _t184, _t186,  *((intOrPtr*)(_t159 + 0x34)) -  *((intOrPtr*)(_t159 + 0x50)) - _t184, _t186);
                                                				E00007FF67FF600ACC874(_t159, _t159, _t186);
                                                				if ( *_t186 < 0) goto 0xac3f7a;
                                                				if ((r15b & _t94) == 0) goto 0xac3f7a;
                                                				r8d = _t100;
                                                				E00007FF67FF600ABC70C(0x20, _t159, _t200, _t184, _t186, _t191, _t186);
                                                				return r15b;
                                                			}

                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                • Opcode ID: 0d475f2e0507b7541c2e17fed9c837c23a5d073ef485c8d34e7cdf6241fdd3fe
                                                • Instruction ID: 8105d6848a647a1414430bb96bcbb67ba5148d6770691371ed14ddbf9d90e05d
                                                • Opcode Fuzzy Hash: 0d475f2e0507b7541c2e17fed9c837c23a5d073ef485c8d34e7cdf6241fdd3fe
                                                • Instruction Fuzzy Hash: 1F71C613A0C747A2FE658A299000BBA6BD19F41744F768D35DD4A8B3DFCF2DEA428741
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 51%
                                                			E00007FF67FF600AC521C(long long __rbx, unsigned int __rcx, long long __rsi, long long __rbp, void* __r10, long long _a16, long long _a24, long long _a32) {
                                                				void* _v40;
                                                				signed int _v48;
                                                				short _v52;
                                                				short _v56;
                                                				long long _v72;
                                                				void* __rdi;
                                                				void* _t71;
                                                				signed char _t73;
                                                				void* _t78;
                                                				signed char _t85;
                                                				signed char _t86;
                                                				void* _t90;
                                                				short _t91;
                                                				void* _t92;
                                                				void* _t93;
                                                				signed long long _t131;
                                                				long long _t149;
                                                				signed long long _t172;
                                                				void* _t184;
                                                				signed long long _t186;
                                                				intOrPtr* _t188;
                                                				signed long long _t196;
                                                
                                                				_t149 = __rbx;
                                                				_a16 = __rbx;
                                                				_a24 = __rbp;
                                                				_a32 = __rsi;
                                                				_t131 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_v48 = _t131 ^ _t184 - 0x00000040;
                                                				asm("outsb");
                                                				asm("loopne 0x46");
                                                				_t93 = _t71 - 0x64;
                                                				if (_t93 > 0) goto 0xac52c5;
                                                				if (_t93 == 0) goto 0xac5343;
                                                				if (_t71 == 0x41) goto 0xac5356;
                                                				if (_t71 == 0x43) goto 0xac52af;
                                                				if (_t71 - 0x44 <= 0) goto 0xac535f;
                                                				if (_t71 - 0x47 <= 0) goto 0xac5356;
                                                				if (_t71 == 0x53) goto 0xac52ff;
                                                				if (_t71 == _t92) goto 0xac5314;
                                                				if (_t71 == 0x5a) goto 0xac52bb;
                                                				if (_t71 == 0x61) goto 0xac5356;
                                                				if (_t71 != 0x63) goto 0xac535f;
                                                				E00007FF67FF600AC83C4(_t71 - 0x63, __rbx, __rcx, 0x78);
                                                				goto 0xac535b;
                                                				_t73 = E00007FF67FF600AC63E8(_t85, _t149, __rcx, 0x78);
                                                				goto 0xac535b;
                                                				if (_t73 - 0x67 <= 0) goto 0xac5356;
                                                				if (_t73 == 0x69) goto 0xac5343;
                                                				if (_t73 == 0x6e) goto 0xac533c;
                                                				if (_t73 == 0x6f) goto 0xac531e;
                                                				if (_t73 == 0x70) goto 0xac5306;
                                                				if (_t73 == 0x73) goto 0xac52ff;
                                                				if (_t73 == 0x75) goto 0xac5347;
                                                				if (_t73 != _t91) goto 0xac535f;
                                                				_push(0x78);
                                                				 *( *(__rcx + 0x42) & 0x0000ffff) =  *( *(__rcx + 0x42) & 0x0000ffff) + _t73;
                                                				goto 0xac535b;
                                                				 *((long long*)(__rcx + 0x38)) = 0x10;
                                                				 *((long long*)(__rcx + 0x3c)) = 0xb;
                                                				r8b = r15b;
                                                				 *(_t149 + 0x5e8c1c1) =  *(_t149 + 0x5e8c1c1) ^ _t85;
                                                				if ((r15b & _t73) == 0) goto 0xac5332;
                                                				asm("bts ecx, 0x7");
                                                				 *(_t149 + 0x30) = __rcx;
                                                				asm("adc al, ch");
                                                				asm("outsd");
                                                				 *_t188 =  *_t188 + _t73;
                                                				goto 0xac535b;
                                                				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
                                                				_pop(_t186);
                                                				 *_t188 =  *_t188 + _t73;
                                                				goto 0xac535b;
                                                				if (E00007FF67FF600AC7634(_t86, _t91, _t149, __rcx, 0x8dd98b4800000001, 0x78, __rbp, _t188) != 0) goto 0xac5366;
                                                				goto 0xac54bb;
                                                				if ( *((char*)(_t149 + 0x40)) != 0) goto 0xac54b8;
                                                				_v56 = 0;
                                                				_v52 = 0;
                                                				r13d = 0x20;
                                                				if ((r15b & 0) == 0) goto 0xac53c0;
                                                				if ((r15b & 0) == 0) goto 0xac53a2;
                                                				_v56 = 0;
                                                				goto 0xac53bd;
                                                				if ((r15b & _t86) == 0) goto 0xac53ae;
                                                				if ((r15b & 0) == 0) goto 0xac53c0;
                                                				_v56 = r13w;
                                                				_t172 = _t196;
                                                				r9d = 0xffdf;
                                                				if ((r9w & 0 - _t92) != 0) goto 0xac53e5;
                                                				if ((r15b & 0) == 0) goto 0xac53e5;
                                                				r8b = r15b;
                                                				goto 0xac53e8;
                                                				r8b = 0;
                                                				r12d = 0x30;
                                                				if (r8b != 0) goto 0xac5401;
                                                				if (0 == 0) goto 0xac541e;
                                                				 *((intOrPtr*)(_t186 + 0x30 + _t172 * 2)) = r12w;
                                                				if (_t85 == _t92) goto 0xac5412;
                                                				if (_t85 != 0x41) goto 0xac5415;
                                                				 *((short*)(_t186 + 0x32 + _t172 * 2)) = _t91;
                                                				_t177 = _t149 + 0x468;
                                                				if ((_t86 & 0x0000000c) != 0) goto 0xac5447;
                                                				r8d = _t92;
                                                				_t78 = E00007FF67FF600ABC8A4(r13b, _t149, _t149 + 0x468, _t172 + 2, _t149 + 0x28, __r10);
                                                				r8d = _t90;
                                                				_v72 = _t149 + 0x10;
                                                				E00007FF67FF600ACD400(_t78, _t91, _t149, _t149 + 0x468, _t149 + 0x468,  *((intOrPtr*)(_t149 + 0x34)) -  *((intOrPtr*)(_t149 + 0x50)) - _t172 + 2, _t149 + 0x28);
                                                				if ((r15b & 0) == 0) goto 0xac5489;
                                                				if ((r15b & _t85) != 0) goto 0xac5489;
                                                				r8d = _t92;
                                                				E00007FF67FF600ABC8A4(r12b, _t149, _t149 + 0x468, _t172 + 2, _t149 + 0x28, __r10);
                                                				E00007FF67FF600ACD05C(_t149, _t149, _t177,  *((intOrPtr*)(_t149 + 0x34)) -  *((intOrPtr*)(_t149 + 0x50)) - _t172 + 2);
                                                				if ( *((intOrPtr*)(_t149 + 0x28)) < 0) goto 0xac54b8;
                                                				r10d =  *(_t149 + 0x30);
                                                				r10d = r10d >> 2;
                                                				if ((r15b & r10b) == 0) goto 0xac54b8;
                                                				r8d = _t92;
                                                				E00007FF67FF600ABC8A4(r13b, _t149, _t177, _t172 + 2, _t149 + 0x28, __r10);
                                                				return E00007FF67FF600AA5980(r15b, _t85, _v48 ^ _t186);
                                                			}


                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                • Opcode ID: dbe08283739da5b3da2534f486bb6965a6dc9b844c1ad6ef4f5e9b1139d86c5d
                                                • Instruction ID: 23562cd77cdd654c6b0a7c1129d42fc9cc40eb5ac6e3f22e6eb3876182de87d3
                                                • Opcode Fuzzy Hash: dbe08283739da5b3da2534f486bb6965a6dc9b844c1ad6ef4f5e9b1139d86c5d
                                                • Instruction Fuzzy Hash: 7F71E913E18A82A2EB689A3540109BD2691EF40784FA55931FD4E8B79FCF6DF8C38605
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 41%
                                                			E00007FF67FF600AC57C8(long long __rbx, unsigned int __rcx, long long __rsi, long long __rbp, void* __r10, long long _a16, long long _a24, long long _a32) {
                                                				void* _v40;
                                                				signed long long _v48;
                                                				void* _v52;
                                                				signed int _v56;
                                                				void* _v72;
                                                				void* __rdi;
                                                				void* _t77;
                                                				signed char _t79;
                                                				signed short _t80;
                                                				void* _t82;
                                                				signed char _t89;
                                                				signed char _t90;
                                                				void* _t94;
                                                				short _t95;
                                                				void* _t96;
                                                				void* _t97;
                                                				signed long long _t134;
                                                				signed long long _t136;
                                                				long long _t153;
                                                				signed long long _t176;
                                                				void* _t188;
                                                				signed long long _t189;
                                                				signed long long _t198;
                                                
                                                				_t153 = __rbx;
                                                				_a16 = __rbx;
                                                				_a24 = __rbp;
                                                				_a32 = __rsi;
                                                				_t189 = _t188 - 0x40;
                                                				_t134 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_v48 = _t134 ^ _t189;
                                                				_t136 =  *(__rcx + 0x42) & 0x0000ffff;
                                                				asm("outsb");
                                                				asm("loopne 0x46");
                                                				_t97 = _t77 - 0x64;
                                                				if (_t97 > 0) goto 0xac5871;
                                                				if (_t97 == 0) goto 0xac58ef;
                                                				if (_t77 == 0x41) goto 0xac5902;
                                                				if (_t77 == 0x43) goto 0xac585b;
                                                				if (_t77 - 0x44 <= 0) goto 0xac590b;
                                                				if (_t77 - 0x47 <= 0) goto 0xac5902;
                                                				if (_t77 == 0x53) goto 0xac58ab;
                                                				if (_t77 == _t96) goto 0xac58c0;
                                                				if (_t77 == 0x5a) goto 0xac5867;
                                                				if (_t77 == 0x61) goto 0xac5902;
                                                				if (_t77 != 0x63) goto 0xac590b;
                                                				E00007FF67FF600AC8538(_t77 - 0x63, __rbx, __rcx, 0x78);
                                                				goto 0xac5907;
                                                				_t79 = E00007FF67FF600AC64FC(_t89, _t153, __rcx, 0x78);
                                                				goto 0xac5907;
                                                				if (_t79 - 0x67 <= 0) goto 0xac5902;
                                                				if (_t79 == 0x69) goto 0xac58ef;
                                                				if (_t79 == 0x6e) goto 0xac58e8;
                                                				if (_t79 == 0x6f) goto 0xac58ca;
                                                				if (_t79 == 0x70) goto 0xac58b2;
                                                				if (_t79 == 0x73) goto 0xac58ab;
                                                				if (_t79 == 0x75) goto 0xac58f3;
                                                				if (_t79 != _t95) goto 0xac590b;
                                                				 *_t136 =  *_t136 + _t79;
                                                				goto 0xac5907;
                                                				 *((long long*)(__rcx + 0x38)) = 0x10;
                                                				 *((long long*)(__rcx + 0x3c)) = 0xb;
                                                				r8b = r15b;
                                                				 *(_t153 + 0x5e8c1c1) =  *(_t153 + 0x5e8c1c1) ^ _t89;
                                                				if ((r15b & _t79) == 0) goto 0xac58de;
                                                				asm("bts ecx, 0x7");
                                                				 *(_t153 + 0x30) = __rcx;
                                                				asm("adc al, ch");
                                                				asm("sti");
                                                				 *_t136 =  *_t136 + r8b;
                                                				goto 0xac5907;
                                                				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
                                                				0xebac593f();
                                                				 *((intOrPtr*)(_t136 + 0x2129e8 + (_t136 + 0x2129e8) * 8 - 0x3fcdf88b)) =  *((intOrPtr*)(_t136 + 0x2129e8 + (_t136 + 0x2129e8) * 8 - 0x3fcdf88b)) + _t79;
                                                				goto 0xac5a67;
                                                				if ( *((char*)(_t153 + 0x40)) != 0) goto 0xac5a64;
                                                				 *(_t189 + 0x30) = 0;
                                                				 *(_t189 + 0x34) = _t79;
                                                				r13d = 0x20;
                                                				if ((r15b & _t79) == 0) goto 0xac596c;
                                                				if ((r15b & _t79) == 0) goto 0xac594e;
                                                				 *(_t189 + 0x30) = _t79;
                                                				goto 0xac5969;
                                                				if ((r15b & _t90) == 0) goto 0xac595a;
                                                				if ((r15b & _t79) == 0) goto 0xac596c;
                                                				 *(_t189 + 0x30) = r13w;
                                                				_t176 = _t198;
                                                				r9d = 0xffdf;
                                                				_t80 = _t79 - _t96;
                                                				if ((r9w & _t80) != 0) goto 0xac5991;
                                                				if ((r15b & _t80) == 0) goto 0xac5991;
                                                				r8b = r15b;
                                                				goto 0xac5994;
                                                				r8b = 0;
                                                				r12d = 0x30;
                                                				if (r8b != 0) goto 0xac59ad;
                                                				if ((_t80 & 0xffffff00 | (r9w & _t80) == 0x00000000) == 0) goto 0xac59ca;
                                                				 *((intOrPtr*)(_t189 + 0x30 + _t176 * 2)) = r12w;
                                                				if (_t89 == _t96) goto 0xac59be;
                                                				if (_t89 != 0x41) goto 0xac59c1;
                                                				 *((short*)(_t189 + 0x32 + _t176 * 2)) = _t95;
                                                				_t181 = _t153 + 0x468;
                                                				if ((_t90 & 0x0000000c) != 0) goto 0xac59f3;
                                                				r8d = _t96;
                                                				_t82 = E00007FF67FF600ABC8A4(r13b, _t153, _t153 + 0x468, _t176 + 2, _t153 + 0x28, __r10, 0x10);
                                                				r8d = _t94;
                                                				 *((long long*)(_t189 + 0x20)) = _t153 + 0x10;
                                                				if ((r15b & E00007FF67FF600ACD400(_t82, _t95, _t153, _t153 + 0x468, _t153 + 0x468,  *((intOrPtr*)(_t153 + 0x34)) -  *((intOrPtr*)(_t153 + 0x50)) - _t176 + 2, _t153 + 0x28)) == 0) goto 0xac5a35;
                                                				if ((r15b & _t89) != 0) goto 0xac5a35;
                                                				r8d = _t96;
                                                				E00007FF67FF600ABC8A4(r12b, _t153, _t153 + 0x468, _t176 + 2, _t153 + 0x28, __r10);
                                                				E00007FF67FF600ACD22C(_t153, _t153, _t153 + 0x468,  *((intOrPtr*)(_t153 + 0x34)) -  *((intOrPtr*)(_t153 + 0x50)) - _t176 + 2);
                                                				if ( *((intOrPtr*)(_t153 + 0x28)) < 0) goto 0xac5a64;
                                                				r10d =  *(_t153 + 0x30);
                                                				r10d = r10d >> 2;
                                                				if ((r15b & r10b) == 0) goto 0xac5a64;
                                                				r8d = _t96;
                                                				E00007FF67FF600ABC8A4(r13b, _t153, _t181, _t176 + 2, _t153 + 0x28, __r10);
                                                				return E00007FF67FF600AA5980(r15b, _t89, _v56 ^ _t189);
                                                			}


                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                • Opcode ID: d3f864f90030e0ae93c84f72cf8c656ba1196082aab46e7275dc2189bfca7ce7
                                                • Instruction ID: 2201d8cd81be2ccca966d54c92cd4f214ac13deea33fc6ccf86f40ce6c4eaed2
                                                • Opcode Fuzzy Hash: d3f864f90030e0ae93c84f72cf8c656ba1196082aab46e7275dc2189bfca7ce7
                                                • Instruction Fuzzy Hash: DB71E517E18A06A2EB689A398040AB92390EF44B54FA55931FD4D8779FCF3DF8C39705
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 52%
                                                			E00007FF67FF600AC3A78(long long __rbx, signed long long __rcx, void* __rdx, long long __rsi, long long __rbp, void* _a8, void* _a10, char _a16, long long _a24, long long _a32) {
                                                				void* _v40;
                                                				void* __rdi;
                                                				intOrPtr _t68;
                                                				signed char _t70;
                                                				signed char _t75;
                                                				signed char _t85;
                                                				signed char _t86;
                                                				signed char _t87;
                                                				void* _t91;
                                                				void* _t92;
                                                				void* _t93;
                                                				void* _t94;
                                                				intOrPtr* _t133;
                                                				void* _t173;
                                                				void* _t174;
                                                				void* _t176;
                                                				long long* _t177;
                                                				void* _t184;
                                                				void* _t185;
                                                				void* _t187;
                                                				void* _t193;
                                                
                                                				_a16 = __rbx;
                                                				_a24 = __rbp;
                                                				_a32 = __rsi;
                                                				_t185 = _t184 - 0x30;
                                                				_t68 =  *((intOrPtr*)(__rcx + 0x41));
                                                				r15d = 1;
                                                				sil = 0x78;
                                                				bpl = 0x58;
                                                				r14b = 0x41;
                                                				_t94 = _t68 - 0x64;
                                                				if (_t94 > 0) goto 0xac3aff;
                                                				if (_t94 == 0) goto 0xac3b6b;
                                                				if (_t68 == r14b) goto 0xac3b7e;
                                                				if (_t68 == 0x43) goto 0xac3ae9;
                                                				if (_t68 - 0x44 <= 0) goto 0xac3b87;
                                                				if (_t68 - 0x47 <= 0) goto 0xac3b7e;
                                                				if (_t68 == 0x53) goto 0xac3b27;
                                                				if (_t68 == bpl) goto 0xac3b3c;
                                                				if (_t68 == 0x5a) goto 0xac3af5;
                                                				if (_t68 == 0x61) goto 0xac3b7e;
                                                				if (_t68 != 0x63) goto 0xac3b87;
                                                				E00007FF67FF600AC7C70(_t68 - 0x63, __rcx);
                                                				goto 0xac3b83;
                                                				_t70 = E00007FF67FF600AC5F48(__rcx);
                                                				goto 0xac3b83;
                                                				if (_t70 - 0x67 <= 0) goto 0xac3b7e;
                                                				if (_t70 == 0x69) goto 0xac3b6b;
                                                				if (_t70 == 0x6e) goto 0xac3b64;
                                                				if (_t70 == 0x6f) goto 0xac3b46;
                                                				if (_t70 == 0x70) goto 0xac3b2e;
                                                				if (_t70 == 0x73) goto 0xac3b27;
                                                				if (_t70 == 0x75) goto 0xac3b6f;
                                                				if (_t70 != sil) goto 0xac3b87;
                                                				 *_t70 =  *_t70 + _t70;
                                                				goto 0xac3b83;
                                                				 *((long long*)(__rcx + 0x38)) = 0x10;
                                                				 *((long long*)(__rcx + 0x3c)) = 0xb;
                                                				r8b = r15b;
                                                				 *(__rcx + 0x5e8c1c1) =  *(__rcx + 0x5e8c1c1) ^ _t85;
                                                				if ((r15b & _t70) == 0) goto 0xac3b5a;
                                                				asm("bts ecx, 0x7");
                                                				 *(__rcx + 0x30) = __rcx;
                                                				asm("adc al, ch");
                                                				asm("pop es");
                                                				_pop(_t176);
                                                				 *_t133 =  *_t133 + _t70;
                                                				goto 0xac3b83;
                                                				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
                                                				 *_t133 =  *_t133 + (_t70 & 0x0000004b);
                                                				goto 0xac3b83;
                                                				if (E00007FF67FF600AC6578(_t87, _t92, __rcx, __rcx, _t176, __rbp, _t187) != 0) goto 0xac3b8e;
                                                				goto 0xac3ce3;
                                                				if ( *((char*)(__rcx + 0x40)) != 0) goto 0xac3ce0;
                                                				_a16 = 0;
                                                				 *((char*)(_t185 + 0x52)) = 0;
                                                				if ((r15b & 0) == 0) goto 0xac3be0;
                                                				if ((r15b & 0) == 0) goto 0xac3bc3;
                                                				_a16 = 0x2d;
                                                				goto 0xac3bdd;
                                                				if ((r15b & _t87) == 0) goto 0xac3bcf;
                                                				_a16 = 0x2b;
                                                				goto 0xac3bdd;
                                                				if ((r15b & 0) == 0) goto 0xac3be0;
                                                				_a16 = 0x20;
                                                				_t173 = _t193;
                                                				_t86 =  *((intOrPtr*)(__rcx + 0x41));
                                                				_t75 = _t86 - bpl;
                                                				if ((_t75 & 0x000000df) != 0) goto 0xac3bfb;
                                                				if ((r15b & _t75) == 0) goto 0xac3bfb;
                                                				r8b = r15b;
                                                				goto 0xac3bfe;
                                                				r8b = 0;
                                                				_t77 = _t86 - r14b;
                                                				if (r8b != 0) goto 0xac3c11;
                                                				if ((_t86 - r14b & 0xffffff00 | (_t77 & 0x000000df) == 0x00000000) == 0) goto 0xac3c2c;
                                                				 *((char*)(_t185 + _t173 + 0x50)) = 0x30;
                                                				if (_t86 == bpl) goto 0xac3c20;
                                                				if (_t86 != r14b) goto 0xac3c23;
                                                				sil = bpl;
                                                				 *((intOrPtr*)(_t185 + _t173 + 0x51)) = sil;
                                                				_t174 = _t173 + 2;
                                                				_t182 =  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50)) - _t174;
                                                				if ((_t87 & 0x0000000c) != 0) goto 0xac3c4e;
                                                				r8d = _t93;
                                                				E00007FF67FF600ABC70C(0x20, __rcx, __rcx + 0x468, _t174, _t176,  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50)) - _t174, __rcx + 0x28);
                                                				_t192 = __rcx + 0x468;
                                                				_t177 = __rcx + 0x28;
                                                				if ((r15b & _t86) == 0) goto 0xac3c75;
                                                				if ( *((long long*)( *((intOrPtr*)(__rcx + 0x468)) + 8)) != 0) goto 0xac3c75;
                                                				 *_t177 =  *_t177 + _t174;
                                                				goto 0xac3c91;
                                                				r8d = _t91;
                                                				 *((long long*)(_t185 + 0x20)) = __rcx + 0x10;
                                                				if ((r15b & E00007FF67FF600ACD4A8(__rcx, _t192,  &_a16, _t174, _t177,  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50)) - _t174, _t177)) == 0) goto 0xac3cb6;
                                                				if ((r15b & _t86) != 0) goto 0xac3cb6;
                                                				r8d = _t93;
                                                				E00007FF67FF600ABC70C(0x30, __rcx, _t192, _t174, _t177,  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50)) - _t174, _t177);
                                                				E00007FF67FF600ACC750(__rcx, __rcx, _t177);
                                                				if ( *_t177 < 0) goto 0xac3ce0;
                                                				if ((r15b & _t86) == 0) goto 0xac3ce0;
                                                				r8d = _t93;
                                                				E00007FF67FF600ABC70C(0x20, __rcx, _t192, _t174, _t177, _t182, _t177);
                                                				return r15b;
                                                			}

























                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                • Opcode ID: 827719068d585f8f0969a944c5dea55f7c70d87e8e70e125c8e0c5b7fe9d97f9
                                                • Instruction ID: 1170f07b9f066c2ac1738f8b50b2220118a8c2fa6aa5331488f50072eeb80b1a
                                                • Opcode Fuzzy Hash: 827719068d585f8f0969a944c5dea55f7c70d87e8e70e125c8e0c5b7fe9d97f9
                                                • Instruction Fuzzy Hash: 95713513A0C24662FE688A299000BBE6391EF41748F368935DD8D973DFCE2DEE468301
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 53%
                                                			E00007FF67FF600AC3F98(long long __rbx, signed long long __rcx, void* __rdx, long long __rsi, long long __rbp, void* _a8, void* _a10, char _a16, long long _a24, long long _a32) {
                                                				void* _v40;
                                                				void* __rdi;
                                                				intOrPtr _t68;
                                                				signed char _t70;
                                                				signed char _t75;
                                                				signed char _t85;
                                                				signed char _t86;
                                                				signed char _t87;
                                                				void* _t91;
                                                				void* _t92;
                                                				void* _t93;
                                                				void* _t94;
                                                				intOrPtr* _t133;
                                                				void* _t174;
                                                				void* _t175;
                                                				long long* _t177;
                                                				void* _t184;
                                                				void* _t185;
                                                				void* _t187;
                                                				void* _t193;
                                                
                                                				_a16 = __rbx;
                                                				_a24 = __rbp;
                                                				_a32 = __rsi;
                                                				_t185 = _t184 - 0x30;
                                                				_t68 =  *((intOrPtr*)(__rcx + 0x41));
                                                				r15d = 1;
                                                				sil = 0x78;
                                                				bpl = 0x58;
                                                				r14b = 0x41;
                                                				_t94 = _t68 - 0x64;
                                                				if (_t94 > 0) goto 0xac401f;
                                                				if (_t94 == 0) goto 0xac408b;
                                                				if (_t68 == r14b) goto 0xac409e;
                                                				if (_t68 == 0x43) goto 0xac4009;
                                                				if (_t68 - 0x44 <= 0) goto 0xac40a7;
                                                				if (_t68 - 0x47 <= 0) goto 0xac409e;
                                                				if (_t68 == 0x53) goto 0xac4047;
                                                				if (_t68 == bpl) goto 0xac405c;
                                                				if (_t68 == 0x5a) goto 0xac4015;
                                                				if (_t68 == 0x61) goto 0xac409e;
                                                				if (_t68 != 0x63) goto 0xac40a7;
                                                				E00007FF67FF600AC7E44(_t68 - 0x63, __rcx);
                                                				goto 0xac40a3;
                                                				_t70 = E00007FF67FF600AC605C(__rcx);
                                                				goto 0xac40a3;
                                                				if (_t70 - 0x67 <= 0) goto 0xac409e;
                                                				if (_t70 == 0x69) goto 0xac408b;
                                                				if (_t70 == 0x6e) goto 0xac4084;
                                                				if (_t70 == 0x6f) goto 0xac4066;
                                                				if (_t70 == 0x70) goto 0xac404e;
                                                				if (_t70 == 0x73) goto 0xac4047;
                                                				if (_t70 == 0x75) goto 0xac408f;
                                                				if (_t70 != sil) goto 0xac40a7;
                                                				 *[fs:rax] =  *[fs:rax] + _t70;
                                                				goto 0xac40a3;
                                                				 *((long long*)(__rcx + 0x38)) = 0x10;
                                                				 *((long long*)(__rcx + 0x3c)) = 0xb;
                                                				r8b = r15b;
                                                				 *(__rcx + 0x5e8c1c1) =  *(__rcx + 0x5e8c1c1) ^ _t85;
                                                				if ((r15b & _t70) == 0) goto 0xac407a;
                                                				asm("bts ecx, 0x7");
                                                				 *(__rcx + 0x30) = __rcx;
                                                				asm("adc al, ch");
                                                				asm("pop ds");
                                                				 *_t133 =  *_t133 + _t70;
                                                				goto 0xac40a3;
                                                				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
                                                				 *_t133 =  *_t133 + _t70 - 0x49;
                                                				goto 0xac40a3;
                                                				if (E00007FF67FF600AC692C(_t87, _t92, __rcx, __rcx, __rsi, __rbp, _t187) != 0) goto 0xac40ae;
                                                				goto 0xac4203;
                                                				if ( *((char*)(__rcx + 0x40)) != 0) goto 0xac4200;
                                                				_a16 = 0;
                                                				 *((char*)(_t185 + 0x52)) = 0;
                                                				if ((r15b & 0) == 0) goto 0xac4100;
                                                				if ((r15b & 0) == 0) goto 0xac40e3;
                                                				_a16 = 0x2d;
                                                				goto 0xac40fd;
                                                				if ((r15b & _t87) == 0) goto 0xac40ef;
                                                				_a16 = 0x2b;
                                                				goto 0xac40fd;
                                                				if ((r15b & 0) == 0) goto 0xac4100;
                                                				_a16 = 0x20;
                                                				_t174 = _t193;
                                                				_t86 =  *((intOrPtr*)(__rcx + 0x41));
                                                				_t75 = _t86 - bpl;
                                                				if ((_t75 & 0x000000df) != 0) goto 0xac411b;
                                                				if ((r15b & _t75) == 0) goto 0xac411b;
                                                				r8b = r15b;
                                                				goto 0xac411e;
                                                				r8b = 0;
                                                				if (r8b != 0) goto 0xac4131;
                                                				if ((_t86 - r14b & 0xffffff00 | (_t86 - r14b & 0x000000df) == 0x00000000) == 0) goto 0xac414c;
                                                				 *((char*)(_t185 + _t174 + 0x50)) = 0x30;
                                                				if (_t86 == bpl) goto 0xac4140;
                                                				if (_t86 != r14b) goto 0xac4143;
                                                				sil = bpl;
                                                				 *((intOrPtr*)(_t185 + _t174 + 0x51)) = sil;
                                                				_t175 = _t174 + 2;
                                                				if ((_t87 & 0x0000000c) != 0) goto 0xac416e;
                                                				r8d = _t93;
                                                				E00007FF67FF600ABC70C(0x20, __rcx, __rcx + 0x468, _t175, __rsi,  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50)) - _t175, __rcx + 0x28);
                                                				_t192 = __rcx + 0x468;
                                                				_t177 = __rcx + 0x28;
                                                				if ((r15b & _t86) == 0) goto 0xac4195;
                                                				if ( *((long long*)( *((intOrPtr*)(__rcx + 0x468)) + 8)) != 0) goto 0xac4195;
                                                				 *_t177 =  *_t177 + _t175;
                                                				goto 0xac41b1;
                                                				r8d = _t91;
                                                				 *((long long*)(_t185 + 0x20)) = __rcx + 0x10;
                                                				if ((r15b & E00007FF67FF600ACD4A8(__rcx, __rcx + 0x468,  &_a16, _t175, _t177,  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50)) - _t175, _t177)) == 0) goto 0xac41d6;
                                                				if ((r15b & _t86) != 0) goto 0xac41d6;
                                                				r8d = _t93;
                                                				E00007FF67FF600ABC70C(0x30, __rcx, __rcx + 0x468, _t175, _t177,  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50)) - _t175, _t177);
                                                				E00007FF67FF600ACC998(__rcx, __rcx, _t177);
                                                				if ( *_t177 < 0) goto 0xac4200;
                                                				if ((r15b & _t86) == 0) goto 0xac4200;
                                                				r8d = _t93;
                                                				E00007FF67FF600ABC70C(0x20, __rcx, _t192, _t175, _t177,  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50)) - _t175, _t177);
                                                				return r15b;
                                                			}
























                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                • Opcode ID: aacb201154a358d6d04244212a9f70b69b78ca5aed80cddbd2320ecf37f12c7d
                                                • Instruction ID: 6aa55b2ee89f19acaa01b772f950c92af00f632cc9cee6ca707882626aae55b6
                                                • Opcode Fuzzy Hash: aacb201154a358d6d04244212a9f70b69b78ca5aed80cddbd2320ecf37f12c7d
                                                • Instruction Fuzzy Hash: B2716913A4C34662FA648A289020BBE67919F59744F351935DE8D877DFCE3DE883C709
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 59%
                                                			E00007FF67FF600AC4484(long long __rbx, unsigned int __rcx, long long __rsi, long long __rbp, void* _a8, void* _a10, long long _a16, long long _a24, long long _a32) {
                                                				void* _v40;
                                                				void* __rdi;
                                                				intOrPtr _t64;
                                                				signed char _t66;
                                                				signed char _t70;
                                                				void* _t74;
                                                				signed char _t80;
                                                				signed char _t81;
                                                				signed char _t82;
                                                				void* _t86;
                                                				void* _t87;
                                                				void* _t88;
                                                				intOrPtr* _t127;
                                                				void* _t160;
                                                				long long* _t168;
                                                				void* _t170;
                                                				void* _t171;
                                                				intOrPtr* _t173;
                                                				void* _t178;
                                                				void* _t179;
                                                				void* _t181;
                                                
                                                				_a16 = __rbx;
                                                				_a24 = __rbp;
                                                				_a32 = __rsi;
                                                				_t171 = _t170 - 0x30;
                                                				_t64 =  *((intOrPtr*)(__rcx + 0x41));
                                                				r15d = 1;
                                                				sil = 0x78;
                                                				bpl = 0x58;
                                                				r14b = 0x41;
                                                				_t88 = _t64 - 0x64;
                                                				if (_t88 > 0) goto 0xac450b;
                                                				if (_t88 == 0) goto 0xac4577;
                                                				if (_t64 == r14b) goto 0xac458a;
                                                				if (_t64 == 0x43) goto 0xac44f5;
                                                				if (_t64 - 0x44 <= 0) goto 0xac4593;
                                                				if (_t64 - 0x47 <= 0) goto 0xac458a;
                                                				if (_t64 == 0x53) goto 0xac4533;
                                                				if (_t64 == bpl) goto 0xac4548;
                                                				if (_t64 == 0x5a) goto 0xac4501;
                                                				if (_t64 == 0x61) goto 0xac458a;
                                                				if (_t64 != 0x63) goto 0xac4593;
                                                				E00007FF67FF600AC7FD4(_t64 - 0x63, __rcx, __rcx);
                                                				goto 0xac458f;
                                                				_t66 = E00007FF67FF600AC6144(__rcx);
                                                				goto 0xac458f;
                                                				if (_t66 - 0x67 <= 0) goto 0xac458a;
                                                				if (_t66 == 0x69) goto 0xac4577;
                                                				if (_t66 == 0x6e) goto 0xac4570;
                                                				if (_t66 == 0x6f) goto 0xac4552;
                                                				if (_t66 == 0x70) goto 0xac453a;
                                                				if (_t66 == 0x73) goto 0xac4533;
                                                				if (_t66 == 0x75) goto 0xac457b;
                                                				if (_t66 != sil) goto 0xac4593;
                                                				asm("pushad");
                                                				 *_t127 =  *_t127 + _t66;
                                                				goto 0xac458f;
                                                				 *((long long*)(__rcx + 0x38)) = 0x10;
                                                				 *((long long*)(__rcx + 0x3c)) = 0xb;
                                                				r8b = r15b;
                                                				 *(__rcx + 0x5e8c1c1) =  *(__rcx + 0x5e8c1c1) ^ _t80;
                                                				if ((r15b & _t66) == 0) goto 0xac4566;
                                                				asm("bts ecx, 0x7");
                                                				 *(__rcx + 0x30) = __rcx;
                                                				asm("adc al, ch");
                                                				 *_t127 =  *_t127 + _t66;
                                                				goto 0xac458f;
                                                				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
                                                				 *_t173 =  *_t173 + r8b;
                                                				goto 0xac458f;
                                                				if (E00007FF67FF600AC6CA4(_t82, _t87, __rcx, __rcx, __rsi, __rbp) != 0) goto 0xac459a;
                                                				goto 0xac46e7;
                                                				if ( *((long long*)(__rcx + 0x47c)) != 2) goto 0xac45b0;
                                                				if ( *((intOrPtr*)(__rcx + 0x478)) == r15d) goto 0xac46e4;
                                                				if ( *((char*)(__rcx + 0x40)) != 0) goto 0xac46e4;
                                                				 *((short*)(_t171 + 0x50)) = 0;
                                                				 *((char*)(_t171 + 0x52)) = 0;
                                                				if ((r15b & 0) == 0) goto 0xac4602;
                                                				if ((r15b & 0) == 0) goto 0xac45e5;
                                                				 *((char*)(_t171 + 0x50)) = 0x2d;
                                                				goto 0xac45ff;
                                                				if ((r15b & _t82) == 0) goto 0xac45f1;
                                                				 *((char*)(_t171 + 0x50)) = 0x2b;
                                                				goto 0xac45ff;
                                                				if ((r15b & 0) == 0) goto 0xac4602;
                                                				 *((char*)(_t171 + 0x50)) = 0x20;
                                                				_t160 = _t181;
                                                				_t81 =  *((intOrPtr*)(__rcx + 0x41));
                                                				_t70 = _t81 - bpl;
                                                				if ((_t70 & 0x000000df) != 0) goto 0xac461d;
                                                				if ((r15b & _t70) == 0) goto 0xac461d;
                                                				r8b = r15b;
                                                				goto 0xac4620;
                                                				r8b = 0;
                                                				_t72 = _t81 - r14b;
                                                				if (r8b != 0) goto 0xac4633;
                                                				if ((_t81 - r14b & 0xffffff00 | (_t72 & 0x000000df) == 0x00000000) == 0) goto 0xac464e;
                                                				 *((char*)(_t171 + _t160 + 0x50)) = 0x30;
                                                				if (_t81 == bpl) goto 0xac4642;
                                                				if (_t81 != r14b) goto 0xac4645;
                                                				sil = bpl;
                                                				 *((intOrPtr*)(_t171 + _t160 + 0x51)) = sil;
                                                				_t161 = _t160 + 2;
                                                				_t168 = __rcx + 0x28;
                                                				_t180 = __rcx + 0x468;
                                                				if ((_t82 & 0x0000000c) != 0) goto 0xac4676;
                                                				r8d = _t87;
                                                				_t74 = E00007FF67FF600ABC82C(0x20, __rcx, __rcx + 0x468, _t160 + 2, _t168, _t178, _t179);
                                                				r8d = _t86;
                                                				 *((long long*)(_t171 + 0x20)) = __rcx + 0x10;
                                                				if ((r15b & E00007FF67FF600ACD35C(_t74, _t86, _t87, __rcx, __rcx + 0x468, _t160 + 2,  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50)) - _t160 + 2, _t168, _t168)) == 0) goto 0xac46b7;
                                                				if ((r15b & _t81) != 0) goto 0xac46b7;
                                                				r8d = _t87;
                                                				E00007FF67FF600ABC82C(0x30, __rcx, _t180, _t161, _t168, _t178);
                                                				E00007FF67FF600ACCB98(__rcx, __rcx,  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50)) - _t160 + 2);
                                                				if ( *_t168 < 0) goto 0xac46e4;
                                                				r10d =  *(__rcx + 0x30);
                                                				r10d = r10d >> 2;
                                                				if ((r15b & r10b) == 0) goto 0xac46e4;
                                                				r8d = _t87;
                                                				E00007FF67FF600ABC82C(0x20, __rcx, _t180, _t161, _t168, _t178);
                                                				return r15b;
                                                			}

























                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                • Opcode ID: 6127568d650971eef5dcbf44166104c26728768c401b65706faae22394660384
                                                • Instruction ID: ac7080731a2e09ebe5958a6a8f573e77b5833296c6e9a815a9a927e36a34c104
                                                • Opcode Fuzzy Hash: 6127568d650971eef5dcbf44166104c26728768c401b65706faae22394660384
                                                • Instruction Fuzzy Hash: EC711713E0C24B67FA648A295020BB937D19F49748F7A1931DD88C778FCE2DEC428749
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 61%
                                                			E00007FF67FF600AC421C(long long __rbx, signed int __rcx, long long __rsi, long long __rbp, char _a8, char _a10, long long _a16, long long _a24, long long _a32) {
                                                				long long _v40;
                                                				void* __rdi;
                                                				intOrPtr _t60;
                                                				signed char _t62;
                                                				signed char _t68;
                                                				void* _t72;
                                                				void* _t78;
                                                				signed char _t80;
                                                				signed char _t81;
                                                				signed char _t82;
                                                				void* _t86;
                                                				void* _t87;
                                                				void* _t88;
                                                				signed int* _t125;
                                                				signed long long _t140;
                                                				void* _t157;
                                                				void* _t159;
                                                				long long* _t167;
                                                				void* _t169;
                                                				void* _t170;
                                                				void* _t172;
                                                				void* _t177;
                                                				void* _t178;
                                                				void* _t180;
                                                
                                                				_t166 = __rbp;
                                                				_t161 = __rsi;
                                                				_a16 = __rbx;
                                                				_a24 = __rbp;
                                                				_a32 = __rsi;
                                                				_t170 = _t169 - 0x30;
                                                				_t60 =  *((intOrPtr*)(__rcx + 0x41));
                                                				r15d = 1;
                                                				sil = 0x78;
                                                				bpl = 0x58;
                                                				r14b = 0x41;
                                                				_t88 = _t60 - 0x64;
                                                				if (_t88 > 0) goto 0xac42a3;
                                                				if (_t88 == 0) goto 0xac430f;
                                                				if (_t60 == r14b) goto 0xac4322;
                                                				if (_t60 == 0x43) goto 0xac428d;
                                                				if (_t60 - 0x44 <= 0) goto 0xac432b;
                                                				if (_t60 - 0x47 <= 0) goto 0xac4322;
                                                				if (_t60 == 0x53) goto 0xac42cb;
                                                				if (_t60 == bpl) goto 0xac42e0;
                                                				if (_t60 == 0x5a) goto 0xac4299;
                                                				if (_t60 == 0x61) goto 0xac4322;
                                                				if (_t60 != 0x63) goto 0xac432b;
                                                				E00007FF67FF600AC7F0C(_t60 - 0x63, __rcx);
                                                				goto 0xac4327;
                                                				_t62 = E00007FF67FF600AC60D0(__rcx);
                                                				goto 0xac4327;
                                                				if (_t62 - 0x67 <= 0) goto 0xac4322;
                                                				if (_t62 == 0x69) goto 0xac430f;
                                                				if (_t62 == 0x6e) goto 0xac4308;
                                                				if (_t62 == 0x6f) goto 0xac42ea;
                                                				if (_t62 == 0x70) goto 0xac42d2;
                                                				if (_t62 == 0x73) goto 0xac42cb;
                                                				if (_t62 == 0x75) goto 0xac4313;
                                                				if (_t62 != sil) goto 0xac432b;
                                                				asm("bound eax, [eax]");
                                                				 *_t125 =  *_t125 + _t62;
                                                				goto 0xac4327;
                                                				 *((long long*)(__rcx + 0x38)) = 0x10;
                                                				 *((long long*)(__rcx + 0x3c)) = 0xb;
                                                				r8b = r15b;
                                                				 *(__rcx + 0x5e8c1c1) =  *(__rcx + 0x5e8c1c1) ^ _t80;
                                                				if ((r15b & _t62) == 0) goto 0xac42fe;
                                                				asm("bts ecx, 0x7");
                                                				 *((long long*)(__rcx + 0x30)) = __rcx;
                                                				asm("adc al, ch");
                                                				_t140 = __rcx &  *_t125;
                                                				asm("sbb [ebx-0x45efcfb7], al");
                                                				 *_t125 =  *_t125 + (_t62 |  *_t125);
                                                				r8d = 0;
                                                				E00007FF67FF600AC8B48(_t78 + bpl, _t82, _t87, r15b & _t62, _t140, __rcx, _t157, __rsi, __rbp, _t178);
                                                				goto 0xac4327;
                                                				if (E00007FF67FF600AC6AE8(_t82, _t87, _t140, __rcx, _t161, _t166, _t172) != 0) goto 0xac4332;
                                                				goto 0xac4469;
                                                				if ( *((char*)(_t140 + 0x40)) != 0) goto 0xac4466;
                                                				_a8 = 0;
                                                				_a10 = 0;
                                                				if ((r15b & 0) == 0) goto 0xac4384;
                                                				if ((r15b & 0) == 0) goto 0xac4367;
                                                				_a8 = 0x2d;
                                                				goto 0xac4381;
                                                				if ((r15b & _t82) == 0) goto 0xac4373;
                                                				_a8 = 0x2b;
                                                				goto 0xac4381;
                                                				if ((r15b & 0) == 0) goto 0xac4384;
                                                				_a8 = 0x20;
                                                				_t159 = _t180;
                                                				_t81 =  *((intOrPtr*)(_t140 + 0x41));
                                                				_t68 = _t81 - bpl;
                                                				if ((_t68 & 0x000000df) != 0) goto 0xac439f;
                                                				if ((r15b & _t68) == 0) goto 0xac439f;
                                                				r8b = r15b;
                                                				goto 0xac43a2;
                                                				r8b = 0;
                                                				if (r8b != 0) goto 0xac43b5;
                                                				if ((_t81 - r14b & 0xffffff00 | (_t81 - r14b & 0x000000df) == 0x00000000) == 0) goto 0xac43d0;
                                                				 *((char*)(_t170 + _t159 + 0x50)) = 0x30;
                                                				if (_t81 == bpl) goto 0xac43c4;
                                                				if (_t81 != r14b) goto 0xac43c7;
                                                				sil = bpl;
                                                				 *((intOrPtr*)(_t170 + _t159 + 0x51)) = sil;
                                                				_t167 = _t140 + 0x28;
                                                				if ((_t82 & 0x0000000c) != 0) goto 0xac43f8;
                                                				r8d = _t87;
                                                				_t72 = E00007FF67FF600ABC82C(0x20, _t140, _t140 + 0x468, _t159 + 2, _t167, _t177);
                                                				r8d = _t86;
                                                				_v40 = _t140 + 0x10;
                                                				if ((r15b & E00007FF67FF600ACD35C(_t72, _t86, _t87, _t140, _t140 + 0x468, _t159 + 2,  *((intOrPtr*)(_t140 + 0x34)) -  *((intOrPtr*)(_t140 + 0x50)) - _t159 + 2, _t167, _t167)) == 0) goto 0xac4439;
                                                				if ((r15b & _t81) != 0) goto 0xac4439;
                                                				r8d = _t87;
                                                				E00007FF67FF600ABC82C(0x30, _t140, _t140 + 0x468, _t159 + 2, _t167, _t177);
                                                				E00007FF67FF600ACCABC(_t140, _t140,  *((intOrPtr*)(_t140 + 0x34)) -  *((intOrPtr*)(_t140 + 0x50)) - _t159 + 2);
                                                				if ( *_t167 < 0) goto 0xac4466;
                                                				r10d =  *(_t140 + 0x30);
                                                				r10d = r10d >> 2;
                                                				if ((r15b & r10b) == 0) goto 0xac4466;
                                                				r8d = _t87;
                                                				E00007FF67FF600ABC82C(0x20, _t140, _t140 + 0x468, _t159 + 2, _t167, _t177);
                                                				return r15b;
                                                			}

                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                • Opcode ID: 64b9c877dd9be707d1dfb87620868ebd18800ad62857a20d5fa26e957669691f
                                                • Instruction ID: 50e77ecc8d8b7691f32b8317ac2897de6d5fc6055754eb3ad27b55026ef91e5d
                                                • Opcode Fuzzy Hash: 64b9c877dd9be707d1dfb87620868ebd18800ad62857a20d5fa26e957669691f
                                                • Instruction Fuzzy Hash: A3612A13E0C28366FA784A295024BFD6791AF89B48F751931DD488F7CFCE2DE8468349
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 62%
                                                			E00007FF67FF600AC4700(long long __rbx, unsigned int __rcx, long long __rsi, long long __rbp, void* _a8, void* _a10, char _a16, long long _a24, long long _a32) {
                                                				void* _v40;
                                                				void* __rdi;
                                                				intOrPtr _t62;
                                                				signed char _t64;
                                                				signed char _t68;
                                                				void* _t72;
                                                				signed char _t78;
                                                				signed char _t79;
                                                				signed char _t80;
                                                				void* _t84;
                                                				void* _t85;
                                                				void* _t86;
                                                				signed int _t104;
                                                				intOrPtr* _t123;
                                                				void* _t156;
                                                				void* _t159;
                                                				long long* _t165;
                                                				void* _t167;
                                                				void* _t168;
                                                				void* _t170;
                                                				void* _t175;
                                                				void* _t177;
                                                
                                                				_a16 = __rbx;
                                                				_a24 = __rbp;
                                                				_a32 = __rsi;
                                                				_t168 = _t167 - 0x30;
                                                				_t62 =  *((intOrPtr*)(__rcx + 0x41));
                                                				r15d = 1;
                                                				sil = 0x78;
                                                				bpl = 0x58;
                                                				r14b = 0x41;
                                                				_t86 = _t62 - 0x64;
                                                				if (_t86 > 0) goto 0xac4787;
                                                				if (_t86 == 0) goto 0xac47f3;
                                                				if (_t62 == r14b) goto 0xac4806;
                                                				if (_t62 == 0x43) goto 0xac4771;
                                                				if (_t62 - 0x44 <= 0) goto 0xac480f;
                                                				if (_t62 - 0x47 <= 0) goto 0xac4806;
                                                				if (_t62 == 0x53) goto 0xac47af;
                                                				if (_t62 == bpl) goto 0xac47c4;
                                                				if (_t62 == 0x5a) goto 0xac477d;
                                                				if (_t62 == 0x61) goto 0xac4806;
                                                				if (_t62 != 0x63) goto 0xac480f;
                                                				E00007FF67FF600AC80E0(_t62 - 0x63, __rcx);
                                                				goto 0xac480b;
                                                				_t64 = E00007FF67FF600AC61E4(__rcx);
                                                				goto 0xac480b;
                                                				if (_t64 - 0x67 <= 0) goto 0xac4806;
                                                				if (_t64 == 0x69) goto 0xac47f3;
                                                				if (_t64 == 0x6e) goto 0xac47ec;
                                                				if (_t64 == 0x6f) goto 0xac47ce;
                                                				if (_t64 == 0x70) goto 0xac47b6;
                                                				if (_t64 == 0x73) goto 0xac47af;
                                                				if (_t64 == 0x75) goto 0xac47f7;
                                                				if (_t64 != sil) goto 0xac480f;
                                                				_pop(_t159);
                                                				 *_t123 =  *_t123 + _t64;
                                                				goto 0xac480b;
                                                				 *((long long*)(__rcx + 0x38)) = 0x10;
                                                				 *((long long*)(__rcx + 0x3c)) = 0xb;
                                                				r8b = r15b;
                                                				 *(__rcx + 0x5e8c1c1) =  *(__rcx + 0x5e8c1c1) ^ _t78;
                                                				_t104 = r15b & _t64;
                                                				if (_t104 == 0) goto 0xac47e2;
                                                				asm("bts ecx, 0x7");
                                                				 *(__rcx + 0x30) = __rcx;
                                                				asm("adc al, ch");
                                                				if (_t104 > 0) goto 0xac4843;
                                                				 *_t123 =  *_t123 + _t64;
                                                				goto 0xac480b;
                                                				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
                                                				asm("insb");
                                                				 *_t123 =  *_t123 + r8b;
                                                				goto 0xac480b;
                                                				if (E00007FF67FF600AC6E9C(_t80, _t85, __rcx, __rcx, _t159, __rbp, _t170) != 0) goto 0xac4816;
                                                				goto 0xac494d;
                                                				if ( *((char*)(__rcx + 0x40)) != 0) goto 0xac494a;
                                                				_a16 = 0;
                                                				 *((char*)(_t168 + 0x52)) = 0;
                                                				if ((r15b & 0) == 0) goto 0xac4868;
                                                				if ((r15b & 0) == 0) goto 0xac484b;
                                                				_a16 = 0x2d;
                                                				goto 0xac4865;
                                                				if ((r15b & _t80) == 0) goto 0xac4857;
                                                				_a16 = 0x2b;
                                                				goto 0xac4865;
                                                				if ((r15b & 0) == 0) goto 0xac4868;
                                                				_a16 = 0x20;
                                                				_t156 = _t177;
                                                				_t79 =  *((intOrPtr*)(__rcx + 0x41));
                                                				_t68 = _t79 - bpl;
                                                				if ((_t68 & 0x000000df) != 0) goto 0xac4883;
                                                				if ((r15b & _t68) == 0) goto 0xac4883;
                                                				r8b = r15b;
                                                				goto 0xac4886;
                                                				r8b = 0;
                                                				_t70 = _t79 - r14b;
                                                				if (r8b != 0) goto 0xac4899;
                                                				if ((_t79 - r14b & 0xffffff00 | (_t70 & 0x000000df) == 0x00000000) == 0) goto 0xac48b4;
                                                				 *((char*)(_t168 + _t156 + 0x50)) = 0x30;
                                                				if (_t79 == bpl) goto 0xac48a8;
                                                				if (_t79 != r14b) goto 0xac48ab;
                                                				sil = bpl;
                                                				 *((intOrPtr*)(_t168 + _t156 + 0x51)) = sil;
                                                				_t157 = _t156 + 2;
                                                				_t165 = __rcx + 0x28;
                                                				_t176 = __rcx + 0x468;
                                                				if ((_t80 & 0x0000000c) != 0) goto 0xac48dc;
                                                				r8d = _t85;
                                                				_t72 = E00007FF67FF600ABC82C(0x20, __rcx, __rcx + 0x468, _t156 + 2, _t165, _t175);
                                                				r8d = _t84;
                                                				 *((long long*)(_t168 + 0x20)) = __rcx + 0x10;
                                                				if ((r15b & E00007FF67FF600ACD35C(_t72, _t84, _t85, __rcx, __rcx + 0x468, _t156 + 2,  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50)) - _t156 + 2, _t165, _t165)) == 0) goto 0xac491d;
                                                				if ((r15b & _t79) != 0) goto 0xac491d;
                                                				r8d = _t85;
                                                				E00007FF67FF600ABC82C(0x30, __rcx, _t176, _t157, _t165, _t175);
                                                				E00007FF67FF600ACCC74(__rcx, __rcx,  *((intOrPtr*)(__rcx + 0x34)) -  *((intOrPtr*)(__rcx + 0x50)) - _t156 + 2);
                                                				if ( *_t165 < 0) goto 0xac494a;
                                                				r10d =  *(__rcx + 0x30);
                                                				r10d = r10d >> 2;
                                                				if ((r15b & r10b) == 0) goto 0xac494a;
                                                				r8d = _t85;
                                                				E00007FF67FF600ABC82C(0x20, __rcx, _t176, _t157, _t165, _t175);
                                                				return r15b;
                                                			}

                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                • Opcode ID: 221c08d5e59fea412e2e94cad7c0cbc5a161ae557b6adb0889625c60547c5957
                                                • Instruction ID: 337a9f4534299e27a4f2e029b767d617f483578d029f1fbebf0d30693c45c402
                                                • Opcode Fuzzy Hash: 221c08d5e59fea412e2e94cad7c0cbc5a161ae557b6adb0889625c60547c5957
                                                • Instruction Fuzzy Hash: B2615C13E1C28266FA648A295020BBA17919F4AB44F761D31DD8DD77CFCF2DE8438349
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 80%
                                                			E00007FF67FF600B006CC(void* __ecx, void* __edx, void* __rcx, void* __r8, signed long long* _a40) {
                                                				signed int _v72;
                                                				char _v200;
                                                				void* _v216;
                                                				long long _v232;
                                                				void* __rbx;
                                                				void* __rdi;
                                                				void* __rsi;
                                                				void* __rbp;
                                                				void* __r12;
                                                				void* _t20;
                                                				void* _t27;
                                                				void* _t33;
                                                				void* _t35;
                                                				void* _t36;
                                                				signed long long _t51;
                                                				signed long long _t52;
                                                				void* _t53;
                                                				void* _t58;
                                                				signed long long _t59;
                                                				void* _t77;
                                                				signed long long* _t90;
                                                				void* _t91;
                                                				signed long long _t92;
                                                				void* _t100;
                                                
                                                				_t35 = __edx;
                                                				_t34 = __ecx;
                                                				_t51 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_t52 = _t51 ^ _t92;
                                                				_v72 = _t52;
                                                				_t90 = _a40;
                                                				_t36 = r9d;
                                                				_t100 = __r8;
                                                				 *_t90 = 0;
                                                				if (_t77 != 1) goto 0xb007e9;
                                                				_v232 = 0x80;
                                                				r8d = _t36;
                                                				_t59 = E00007FF67FF600B00550(__ecx, _t77 - 1, _t58, __rcx, __r8, 0, _t90, __r8,  &_v200, __rcx);
                                                				if (_t52 == 0) goto 0xb00771;
                                                				E00007FF67FF600AEC120(_t18, _t59, 1);
                                                				 *_t90 = _t52;
                                                				_t20 = E00007FF67FF600AE8E1C(_t52, 0);
                                                				if ( *_t90 == 0) goto 0xb0085a;
                                                				_t6 = _t59 - 1; // -1
                                                				_t53 = _t6;
                                                				E00007FF67FF600AFF618(_t53, _t59,  *_t90, _t59,  &_v200, _t20);
                                                				if (_t53 != 0) goto 0xb0087f;
                                                				goto 0xb0085d;
                                                				GetLastError();
                                                				if (0 != 0x7a) goto 0xb0085a;
                                                				r9d = 0;
                                                				_v232 = 0;
                                                				r8d = _t36;
                                                				E00007FF67FF600B00550(_t34, 0 - 0x7a, _t59, __rcx, _t100, 0, _t90,  &_v200, _t20, __rcx);
                                                				if (0 == 0) goto 0xb0085a;
                                                				 *0xFFFFFFFFFFFFFF8B =  *((long long*)(0xffffffffffffff8b)) - 1;
                                                				 *(_t91 + 0x4c) =  *(_t91 + 0x4c) << 0x8b;
                                                				asm("enter 0x8944, 0x7c");
                                                				r8d = _t36;
                                                				E00007FF67FF600B00550(_t34, 0, _t59, __rcx, _t100, 0, _t90,  &_v200, _t20, __rcx);
                                                				if (0 == 0) goto 0xb007da;
                                                				 *_t90 = _t59;
                                                				goto 0xb007dd;
                                                				E00007FF67FF600AE8E1C(_t59, 0);
                                                				goto 0xb0085d;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				_t27 = E00007FF67FF600AED2B4(_t35, 0, 0xffffffff, 0x2, _t100, _t90, _t91,  &_v200);
                                                				if (0xffffffff == 0) goto 0xb0085a;
                                                				E00007FF67FF600AEC120(_t27, _t27, 0x2);
                                                				if (0xffffffff == 0) goto 0xb007da;
                                                				r9d = r15d;
                                                				E00007FF67FF600AED2B4(_t35, 0xffffffff, 0xffffffff, 0xffffffff, _t100, _t90, _t91, 0xffffffff);
                                                				goto 0xb007cb;
                                                				if (_t91 != 0) goto 0xb0085a;
                                                				asm("bts ebp, 0x1d");
                                                				_v216 = 0xffffffff;
                                                				r9d = _t33;
                                                				E00007FF67FF600AED2B4(_t35, _t91, 0xffffffff, 0xffffffff, _t100, _t90, _t91,  &_v216);
                                                				if (0xffffffff == 0) goto 0xb0085a;
                                                				 *_t90 = _v216;
                                                				goto 0xb0076a;
                                                				return E00007FF67FF600AA5980(_v216, _t34, _v72 ^ _t92);
                                                			}




























                                                APIs
                                                • GetLastError.KERNEL32 ref: 00007FF600B00771
                                                  • Part of subcall function 00007FF600AEC120: RtlAllocateHeap.NTDLL(?,?,00000000,00007FF600AEA4E9,?,?,?,00007FF600AE8D0D,?,?,?,?,00007FF600ACF7DA), ref: 00007FF600AEC175
                                                  • Part of subcall function 00007FF600AE8E1C: HeapFree.KERNEL32(?,?,?,00007FF600AF6C1C,?,?,?,00007FF600AF703F,?,?,?,00007FF600AF780C,?,?,?,00007FF600AF773F), ref: 00007FF600AE8E32
                                                  • Part of subcall function 00007FF600AE8E1C: GetLastError.KERNEL32(?,?,?,00007FF600AF6C1C,?,?,?,00007FF600AF703F,?,?,?,00007FF600AF780C,?,?,?,00007FF600AF773F), ref: 00007FF600AE8E44
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorHeapLast$AllocateFree
                                                • String ID:
                                                • API String ID: 9605958-0
                                                • Opcode ID: 20a2b786f07d286370eb04fa40c4bad31e3e6476ab6730563e6246ee8f9a9846
                                                • Instruction ID: 1f7705724f71456f679ef5a13b99018a43af87db50b420d643501dd42c500fb2
                                                • Opcode Fuzzy Hash: 20a2b786f07d286370eb04fa40c4bad31e3e6476ab6730563e6246ee8f9a9846
                                                • Instruction Fuzzy Hash: F241F922F1D38361FA706A2669517BAA290BF96BC0F249135DE5EC77CAFF3DE4014640
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 56%
                                                			E00007FF67FF600AD0E04(long long* __rax, signed int __rcx, intOrPtr* __rdx, long long __r8, void* _a8, char _a16, void* _a24, signed char _a32) {
                                                				long long _v88;
                                                				signed long long _v96;
                                                				signed int _v104;
                                                				void* __rbx;
                                                				void* __rsi;
                                                				void* __rbp;
                                                				signed char _t240;
                                                				char _t255;
                                                				char _t257;
                                                				signed char _t273;
                                                				void* _t287;
                                                				void* _t308;
                                                				intOrPtr _t309;
                                                				long long _t311;
                                                				void* _t313;
                                                				signed char _t374;
                                                				long long _t440;
                                                				long long _t443;
                                                				long long _t446;
                                                				long long _t448;
                                                				long long _t450;
                                                				long long _t454;
                                                				long long _t466;
                                                				long long _t470;
                                                				long long _t472;
                                                				long long _t484;
                                                				long long _t486;
                                                				long long _t489;
                                                				long long _t491;
                                                				long long _t493;
                                                				long long _t495;
                                                				long long _t501;
                                                				long long _t510;
                                                				long long _t515;
                                                				char* _t517;
                                                				long long _t518;
                                                				long long _t520;
                                                				char* _t522;
                                                				char* _t529;
                                                				intOrPtr _t533;
                                                				intOrPtr _t541;
                                                				intOrPtr _t552;
                                                				void* _t572;
                                                				intOrPtr* _t575;
                                                				intOrPtr* _t576;
                                                				intOrPtr* _t577;
                                                				intOrPtr* _t578;
                                                				intOrPtr* _t579;
                                                				intOrPtr* _t580;
                                                				intOrPtr* _t581;
                                                				intOrPtr* _t582;
                                                				intOrPtr* _t583;
                                                				intOrPtr* _t584;
                                                				intOrPtr* _t585;
                                                				intOrPtr* _t586;
                                                				intOrPtr* _t587;
                                                				intOrPtr* _t588;
                                                				intOrPtr* _t589;
                                                				intOrPtr* _t590;
                                                				intOrPtr* _t591;
                                                				signed long long _t593;
                                                				void* _t595;
                                                				void* _t599;
                                                				void* _t602;
                                                				void* _t603;
                                                				intOrPtr _t613;
                                                				intOrPtr* _t615;
                                                				signed char* _t616;
                                                				signed char* _t617;
                                                				signed char* _t618;
                                                				intOrPtr _t626;
                                                				long long _t629;
                                                
                                                				_a24 = __r8;
                                                				_a8 = __rcx;
                                                				_t575 =  *__rdx;
                                                				_t629 = __r8;
                                                				if (_t575 == 0) goto 0xad0e39;
                                                				_t311 =  *((long long*)(__rdx + 0x18));
                                                				if (_t311 != 0) goto 0xad0e53;
                                                				E00007FF67FF600AE8D04(__rax);
                                                				 *__rax = 0x16;
                                                				E00007FF67FF600ACE12C();
                                                				 *0x7EEE8FFFFFF8A =  *((intOrPtr*)(0x7eee8ffffff8a)) + _t273;
                                                				if (_t311 != 0) goto 0xad0e5f;
                                                				 *((intOrPtr*)(__rdx + 0x6a + __rcx * 4)) =  *((intOrPtr*)(__rdx + 0x6a + __rcx * 4)) + _t273;
                                                				asm("adc [ecx+ecx*4+0x6d], cl");
                                                				asm("loopne 0x4b");
                                                				_t440 = _t603 + 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t440;
                                                				if (_t311 == 0) goto 0xad0e70;
                                                				if (_t440 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad0e83;
                                                				E00007FF67FF600AF0528(_t440, __rdx,  *_t575);
                                                				_t313 = _t440 - 0xffffffff;
                                                				if (_t313 == 0) goto 0xad0e83;
                                                				 *((long long*)(_t575 + 8)) =  *((long long*)(_t575 + 8)) + 1;
                                                				goto 0xad0e85;
                                                				asm("inc ebx");
                                                				asm("ror byte [eax-0x7d], 0x7b");
                                                				 *((long long*)(__rdx + 0x10)) = _t440;
                                                				if (_t313 == 0) goto 0xad0ea4;
                                                				if (_t440 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad0eba;
                                                				_t576 =  *__rdx;
                                                				E00007FF67FF600AF0528(_t440, __rdx,  *_t576);
                                                				if (_t440 == 0xffffffff) goto 0xad0eba;
                                                				 *((long long*)(_t576 + 8)) =  *((long long*)(_t576 + 8)) + 1;
                                                				goto 0xad0ebc;
                                                				_a16 = 0;
                                                				E00007FF67FF600AE1EF4(_t273, _t287, _t308, __rdx, 0x8, _t603, __rcx);
                                                				if (_t440 != 0) goto 0xad0e8c;
                                                				_t529 = __r8 + 0x308;
                                                				_v88 = _t529;
                                                				 *_t529 = 0;
                                                				if (0 != 0) goto 0xad0f22;
                                                				_t443 =  *((intOrPtr*)(__rdx + 0x10)) + 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t443;
                                                				if ( *((long long*)(__rdx + 8)) == 0) goto 0xad0f05;
                                                				if (_t443 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad0f1d;
                                                				_t577 =  *__rdx;
                                                				E00007FF67FF600AF0528(_t443, __rdx,  *_t577);
                                                				if (_t443 == 0xffffffff) goto 0xad0f1d;
                                                				 *((long long*)(_t577 + 8)) =  *((long long*)(_t577 + 8)) + 1;
                                                				goto 0xad0f1f;
                                                				_a16 = 0;
                                                				r12b = 0xdf;
                                                				if ((r12b & 0) == 0) goto 0xad1632;
                                                				if ((r12b & 0) == 0) goto 0xad1621;
                                                				_a32 = 0;
                                                				if (0 != 0x30) goto 0xad1007;
                                                				_t593 =  *((intOrPtr*)(__rdx + 0x10));
                                                				_t446 = _t593 + 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t446;
                                                				if ( *((long long*)(__rdx + 8)) == 0) goto 0xad0f63;
                                                				if (_t446 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad0fc9;
                                                				_t578 =  *__rdx;
                                                				r8d = E00007FF67FF600AF0528(_t446, __rdx,  *_t578);
                                                				if (_t446 == 0xffffffff) goto 0xad0fc6;
                                                				 *((long long*)(_t578 + 8)) =  *((long long*)(_t578 + 8)) + 1;
                                                				if ((r12b & _t273) != 0) goto 0xad0fc1;
                                                				_t448 =  *((intOrPtr*)(__rdx + 0x10)) + 1;
                                                				_a32 = 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t448;
                                                				if ( *((long long*)(__rdx + 8)) == 0) goto 0xad0f9e;
                                                				if (_t448 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad0fb4;
                                                				_t579 =  *__rdx;
                                                				_t533 =  *_t579;
                                                				E00007FF67FF600AF0528(_t448, __rdx, _t533);
                                                				if (_t448 == 0xffffffff) goto 0xad0fb4;
                                                				 *((long long*)(_t579 + 8)) =  *((long long*)(_t579 + 8)) + 1;
                                                				goto 0xad0fb6;
                                                				_a16 = 0;
                                                				_v96 = _t593;
                                                				goto 0xad1007;
                                                				goto 0xad0fcc;
                                                				r8b = 0;
                                                				_t450 =  *((intOrPtr*)(__rdx + 0x10)) - 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t450;
                                                				if ( *((long long*)(__rdx + 8)) == 0) goto 0xad0fe4;
                                                				if (_t450 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad1007;
                                                				if (0 - 1 <= 0) goto 0xad1007;
                                                				_t451 =  *__rdx;
                                                				if (_t533 == 0xffffffff) goto 0xad1007;
                                                				 *((long long*)( *__rdx + 8)) =  *((long long*)( *__rdx + 8)) - 1;
                                                				E00007FF67FF600AF0658(r8b, _a16, _t451, __rdx,  *_t451);
                                                				_t616 = _t629 + 8;
                                                				r15b = 0;
                                                				_v104 = 0;
                                                				if (_a16 != 0x30) goto 0xad1057;
                                                				r15b = 1;
                                                				_t454 =  *((intOrPtr*)(__rdx + 0x10)) + 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t454;
                                                				if ( *((long long*)(__rdx + 8)) == 0) goto 0xad1033;
                                                				if (_t454 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad1052;
                                                				_t580 =  *__rdx;
                                                				E00007FF67FF600AF0528(_t454, __rdx,  *_t580);
                                                				if (_t454 == 0xffffffff) goto 0xad1052;
                                                				 *((long long*)(_t580 + 8)) =  *((long long*)(_t580 + 8)) + 1;
                                                				_a16 = 0;
                                                				if (0 != 0x30) goto 0xad1057;
                                                				goto 0xad101b;
                                                				_a16 = 0;
                                                				_t240 =  ~_a32;
                                                				r14d = _v104;
                                                				asm("sbb esi, esi");
                                                				_t595 = (_t593 & 0x00000006) + 9;
                                                				if (_t240 - 9 > 0) goto 0xad107b;
                                                				goto 0xad109c;
                                                				if (_t240 - 0x19 > 0) goto 0xad108a;
                                                				goto 0xad109c;
                                                				if (_t240 - 0x19 > 0) goto 0xad1099;
                                                				goto 0xad109c;
                                                				if (0xffffffffffffffff - _t595 > 0) goto 0xad10e9;
                                                				r15b = 1;
                                                				if (_t616 == _v88) goto 0xad10af;
                                                				 *_t616 = _t240;
                                                				_t617 =  &(_t616[1]);
                                                				r14d = r14d + 1;
                                                				_t466 =  *((intOrPtr*)(__rdx + 0x10)) + 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t466;
                                                				if ( *((long long*)(__rdx + 8)) == 0) goto 0xad10ca;
                                                				if (_t466 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad10e0;
                                                				_t581 =  *__rdx;
                                                				E00007FF67FF600AF0528(_t466, __rdx,  *_t581);
                                                				if (_t466 == 0xffffffff) goto 0xad10e0;
                                                				 *((long long*)(_t581 + 8)) =  *((long long*)(_t581 + 8)) + 1;
                                                				goto 0xad10e2;
                                                				_a16 = 0;
                                                				goto 0xad106c;
                                                				_v104 = r14d;
                                                				if (0 !=  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_a8 + 0xf8))))))) goto 0xad121c;
                                                				_t470 =  *((intOrPtr*)(__rdx + 0x10)) + 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t470;
                                                				if ( *((long long*)(__rdx + 8)) == 0) goto 0xad1122;
                                                				if (_t470 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad1138;
                                                				_t582 =  *__rdx;
                                                				E00007FF67FF600AF0528(_t470, __rdx,  *_t582);
                                                				if (_t470 == 0xffffffff) goto 0xad1138;
                                                				 *((long long*)(_t582 + 8)) =  *((long long*)(_t582 + 8)) + 1;
                                                				goto 0xad113a;
                                                				_a16 = 0;
                                                				if (_t617 != _a24 + 8) goto 0xad1198;
                                                				if (0 != 0x30) goto 0xad1198;
                                                				r15b = 1;
                                                				_v104 = _v104 - 1;
                                                				_t472 =  *((intOrPtr*)(__rdx + 0x10)) + 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t472;
                                                				if ( *((long long*)(__rdx + 8)) == 0) goto 0xad1170;
                                                				if (_t472 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad1191;
                                                				_t583 =  *__rdx;
                                                				E00007FF67FF600AF0528(_t472, __rdx,  *_t583);
                                                				if (_t472 == 0xffffffff) goto 0xad1191;
                                                				 *((long long*)(_t583 + 8)) =  *((long long*)(_t583 + 8)) + 1;
                                                				_a16 = 0;
                                                				if (0 != 0x30) goto 0xad1198;
                                                				goto 0xad1155;
                                                				_a16 = 0;
                                                				if (0 - 9 > 0) goto 0xad11ab;
                                                				goto 0xad11cc;
                                                				if (0 - 0x19 > 0) goto 0xad11ba;
                                                				goto 0xad11cc;
                                                				if (0 - 0x19 > 0) goto 0xad11c9;
                                                				goto 0xad11cc;
                                                				if (0xffffffffffffffff - _t595 > 0) goto 0xad1218;
                                                				r15b = 1;
                                                				if (_t617 == _v88) goto 0xad11df;
                                                				 *_t617 = 0;
                                                				_t618 =  &(_t617[1]);
                                                				_t484 =  *((intOrPtr*)(__rdx + 0x10)) + 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t484;
                                                				if ( *((long long*)(__rdx + 8)) == 0) goto 0xad11f7;
                                                				if (_t484 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad120d;
                                                				_t584 =  *__rdx;
                                                				E00007FF67FF600AF0528(_t484, __rdx,  *_t584);
                                                				if (_t484 == 0xffffffff) goto 0xad120d;
                                                				 *((long long*)(_t584 + 8)) =  *((long long*)(_t584 + 8)) + 1;
                                                				goto 0xad120f;
                                                				_a16 = 0;
                                                				goto 0xad119c;
                                                				_t541 =  *((intOrPtr*)(__rdx + 8));
                                                				_t486 =  *((intOrPtr*)(__rdx + 0x10)) - 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t486;
                                                				if (r15b != 0) goto 0xad127b;
                                                				if (_t541 == 0) goto 0xad123a;
                                                				if (_t486 - _t541 > 0) goto 0xad125e;
                                                				if (0 == 0) goto 0xad125e;
                                                				if (0 == 0xff) goto 0xad125e;
                                                				if (0 == 0xffffffff) goto 0xad125e;
                                                				 *((long long*)( *__rdx + 8)) =  *((long long*)( *__rdx + 8)) - 1;
                                                				E00007FF67FF600AF0658(0, 0, _t486, __rdx,  *((intOrPtr*)( *__rdx)));
                                                				if (_v96 !=  *((intOrPtr*)(__rdx + 0x10))) goto 0xad152e;
                                                				_t374 = _a32;
                                                				if (_t374 == 0) goto 0xad0e49;
                                                				 *0x3C6E8FFFFFF87 =  *((intOrPtr*)(0x3c6e8ffffff87));
                                                				_pop(_t602);
                                                				if (_t374 == 0) goto 0xad128b;
                                                				if (0x2 > 0) goto 0xad12be;
                                                				if (0 == 0) goto 0xad12be;
                                                				if (0 == 0xff) goto 0xad12be;
                                                				r9d = 0;
                                                				if (r9d == 0xffffffff) goto 0xad12be;
                                                				 *((long long*)( *__rdx + 8)) =  *((long long*)( *__rdx + 8)) - 1;
                                                				E00007FF67FF600AF0658(r9d, 0, 0x2, __rdx,  *((intOrPtr*)( *__rdx)));
                                                				_t613 =  *((intOrPtr*)(__rdx + 8));
                                                				_t626 =  *((intOrPtr*)(__rdx + 0x10));
                                                				_t489 = _t626 + 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t489;
                                                				if (_t613 == 0) goto 0xad12d0;
                                                				if (_t489 - _t613 > 0) goto 0xad12e8;
                                                				_t585 =  *__rdx;
                                                				E00007FF67FF600AF0528(_t489, __rdx,  *_t585);
                                                				if (_t489 == 0xffffffff) goto 0xad12e8;
                                                				 *((long long*)(_t585 + 8)) =  *((long long*)(_t585 + 8)) + 1;
                                                				goto 0xad12ea;
                                                				if (0 == 0x45) goto 0xad1305;
                                                				if (0 == 0x50) goto 0xad1300;
                                                				if (0 == 0x65) goto 0xad1305;
                                                				if (0 != 0x70) goto 0xad130a;
                                                				goto 0xad130a;
                                                				if ((_a32 ^ 0x00000001) == 0) goto 0xad156b;
                                                				_t491 =  *((intOrPtr*)(__rdx + 0x10)) + 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t491;
                                                				if ( *((intOrPtr*)(__rdx + 8)) == 0) goto 0xad132b;
                                                				if (_t491 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad1386;
                                                				_t586 =  *__rdx;
                                                				_t255 = E00007FF67FF600AF0528(_t491, __rdx,  *_t586);
                                                				r14d = _t255;
                                                				if (_t491 == 0xffffffff) goto 0xad1386;
                                                				 *((long long*)(_t586 + 8)) =  *((long long*)(_t586 + 8)) + 1;
                                                				_a16 = _t255;
                                                				if (_t255 == 0x2b) goto 0xad1351;
                                                				if (_t255 != 0x2d) goto 0xad1390;
                                                				_t493 =  *((intOrPtr*)(__rdx + 0x10)) + 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t493;
                                                				if ( *((intOrPtr*)(__rdx + 8)) == 0) goto 0xad1368;
                                                				if (_t493 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad1380;
                                                				_t587 =  *__rdx;
                                                				E00007FF67FF600AF0528(_t493, __rdx,  *_t587);
                                                				if (_t493 == 0xffffffff) goto 0xad1380;
                                                				 *((long long*)(_t587 + 8)) =  *((long long*)(_t587 + 8)) + 1;
                                                				goto 0xad1382;
                                                				goto 0xad138d;
                                                				r14b = 0;
                                                				_a16 = 0;
                                                				r15b = 0;
                                                				if (0 != 0x30) goto 0xad13da;
                                                				r15b = 1;
                                                				_t495 =  *((intOrPtr*)(__rdx + 0x10)) + 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t495;
                                                				if ( *((intOrPtr*)(__rdx + 8)) == 0) goto 0xad13b2;
                                                				if (_t495 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad13d3;
                                                				_t588 =  *__rdx;
                                                				_t257 = E00007FF67FF600AF0528(_t495, __rdx,  *_t588);
                                                				if (_t495 == 0xffffffff) goto 0xad13d3;
                                                				 *((long long*)(_t588 + 8)) =  *((long long*)(_t588 + 8)) + 1;
                                                				_a16 = _t257;
                                                				if (_t257 != 0x30) goto 0xad13da;
                                                				goto 0xad139b;
                                                				_a16 = 0;
                                                				if (_t257 - 9 > 0) goto 0xad13eb;
                                                				r8d = 0;
                                                				r8d = r8d - 0x30;
                                                				goto 0xad1411;
                                                				if (_t257 - 0x19 > 0) goto 0xad13fc;
                                                				r8d = 0;
                                                				r8d = r8d - 0x57;
                                                				goto 0xad1411;
                                                				if (_t257 - 0x19 > 0) goto 0xad140d;
                                                				r8d = 0;
                                                				r8d = r8d - 0x37;
                                                				goto 0xad1411;
                                                				r8d = r8d | 0xffffffff;
                                                				if (r8d - 0xa >= 0) goto 0xad146a;
                                                				r15b = 1;
                                                				_t309 = _t613;
                                                				if (0 - 0x1450 > 0) goto 0xad1465;
                                                				_t501 =  *((intOrPtr*)(__rdx + 0x10)) + 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t501;
                                                				if ( *((long long*)(__rdx + 8)) == 0) goto 0xad1441;
                                                				if (_t501 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad1457;
                                                				_t589 =  *__rdx;
                                                				E00007FF67FF600AF0528(_t501, __rdx,  *_t589);
                                                				if (_t501 == 0xffffffff) goto 0xad1457;
                                                				 *((long long*)(_t589 + 8)) =  *((long long*)(_t589 + 8)) + 1;
                                                				goto 0xad1459;
                                                				_a16 = 0;
                                                				goto 0xad13da;
                                                				asm("lahf");
                                                				if (0 - 0x19 > 0) goto 0xad148b;
                                                				goto 0xad149d;
                                                				if (0 - 0x19 > 0) goto 0xad149a;
                                                				goto 0xad149d;
                                                				if (0xffffffffffffffff - 0xa >= 0) goto 0xad14db;
                                                				_t510 =  *((intOrPtr*)(__rdx + 0x10)) + 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t510;
                                                				if ( *((long long*)(__rdx + 8)) == 0) goto 0xad14ba;
                                                				if (_t510 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad14d0;
                                                				_t590 =  *__rdx;
                                                				E00007FF67FF600AF0528(_t510, __rdx,  *_t590);
                                                				if (_t510 == 0xffffffff) goto 0xad14d0;
                                                				 *((long long*)(_t590 + 8)) =  *((long long*)(_t590 + 8)) + 1;
                                                				goto 0xad14d2;
                                                				_a16 = 0;
                                                				goto 0xad146a;
                                                				_t513 =  !=  ? 0xd0c083c1 :  ~0xd0c083c1;
                                                				_t599 =  !=  ? 0xd0c083c1 :  ~0xd0c083c1;
                                                				if (r15b != 0) goto 0xad156b;
                                                				_t515 =  *((intOrPtr*)(__rdx + 0x10)) - 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t515;
                                                				if ( *((long long*)(__rdx + 8)) == 0) goto 0xad1505;
                                                				if (_t515 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad1529;
                                                				if (0 == 0) goto 0xad1529;
                                                				if (0 == 0xff) goto 0xad1529;
                                                				if (0 == 0xffffffff) goto 0xad1529;
                                                				 *((long long*)( *__rdx + 8)) =  *((long long*)( *__rdx + 8)) - 1;
                                                				E00007FF67FF600AF0658(0, 0, _t515, __rdx,  *((intOrPtr*)( *__rdx)));
                                                				if (_t626 ==  *((intOrPtr*)(__rdx + 0x10))) goto 0xad153a;
                                                				_t517 =  *((intOrPtr*)(__rdx + 0x18));
                                                				 *_t517 = 0;
                                                				goto 0xad0e49;
                                                				_t518 = _t517 + 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t518;
                                                				if ( *((long long*)(__rdx + 8)) == 0) goto 0xad154e;
                                                				if (_t518 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad1564;
                                                				_t591 =  *__rdx;
                                                				_t552 =  *_t591;
                                                				E00007FF67FF600AF0528(_t518, __rdx, _t552);
                                                				if (_t518 == 0xffffffff) goto 0xad1564;
                                                				 *((long long*)(_t591 + 8)) =  *((long long*)(_t591 + 8)) + 1;
                                                				goto 0xad1566;
                                                				_a16 = 0;
                                                				_t520 =  *((intOrPtr*)(__rdx + 0x10)) - 1;
                                                				 *((long long*)(__rdx + 0x10)) = _t520;
                                                				if ( *((long long*)(__rdx + 8)) == 0) goto 0xad1583;
                                                				if (_t520 -  *((intOrPtr*)(__rdx + 8)) > 0) goto 0xad15a1;
                                                				_t211 = _t552 + 1; // 0x1
                                                				if (0 - 1 <= 0) goto 0xad15a1;
                                                				if (0 == 0xffffffff) goto 0xad15a1;
                                                				 *((long long*)( *__rdx + 8)) =  *((long long*)( *__rdx + 8)) - 1;
                                                				E00007FF67FF600AF0658(0, 0, _t211, __rdx,  *((intOrPtr*)( *__rdx)));
                                                				_t615 = _a24;
                                                				_t572 = _t615 + 8;
                                                				if (_t618 == _t572) goto 0xad1271;
                                                				_t522 = _t618 - 1;
                                                				if ( *_t522 != 0) goto 0xad15c4;
                                                				if (_t522 != _t572) goto 0xad15b2;
                                                				if (_t522 == _t572) goto 0xad1271;
                                                				if (_t599 - 0x1450 > 0) goto 0xad161a;
                                                				r10d = 0xffffebb0;
                                                				if (_t309 - r10d < 0) goto 0xad1613;
                                                				r8d = _a32 & 0x000000ff;
                                                				asm("sbb ecx, ecx");
                                                				if (_t599 + 1 * _v104 - 0x1450 > 0) goto 0xad161a;
                                                				if (_t309 - r10d < 0) goto 0xad1613;
                                                				r12d = r12d;
                                                				 *_t615 = _t309;
                                                				 *((intOrPtr*)(_t615 + 4)) = r12d;
                                                				goto 0xad1641;
                                                				 *0x8 =  *0x8 + r8d;
                                                				 *(_t602 - 0x75) =  *(_t602 - 0x75) & 0;
                                                				asm("lds ecx, [eax-0x73]");
                                                				E00007FF67FF600AD4CF0(__rdx,  &_a16, __rdx, _t599 + 1 * _v104, _t613);
                                                				goto 0xad1641;
                                                				return E00007FF67FF600AD4320(__rdx,  &_a16, __rdx, _t599 + 1 * _v104, _t626);
                                                			}











































































                                                0x7ff600ad12c2
                                                0x7ff600ad12c9
                                                0x7ff600ad12ce
                                                0x7ff600ad12d0
                                                0x7ff600ad12d6
                                                0x7ff600ad12e0
                                                0x7ff600ad12e2
                                                0x7ff600ad12e6
                                                0x7ff600ad12ef
                                                0x7ff600ad12f4
                                                0x7ff600ad12f9
                                                0x7ff600ad12fe
                                                0x7ff600ad1303
                                                0x7ff600ad130e
                                                0x7ff600ad1318
                                                0x7ff600ad131b
                                                0x7ff600ad1323
                                                0x7ff600ad1329
                                                0x7ff600ad132b
                                                0x7ff600ad1331
                                                0x7ff600ad1336
                                                0x7ff600ad133c
                                                0x7ff600ad133e
                                                0x7ff600ad1344
                                                0x7ff600ad1349
                                                0x7ff600ad134f
                                                0x7ff600ad1355
                                                0x7ff600ad1358
                                                0x7ff600ad1360
                                                0x7ff600ad1366
                                                0x7ff600ad1368
                                                0x7ff600ad136e
                                                0x7ff600ad1378
                                                0x7ff600ad137a
                                                0x7ff600ad137e
                                                0x7ff600ad1384
                                                0x7ff600ad1386
                                                0x7ff600ad138d
                                                0x7ff600ad1390
                                                0x7ff600ad1396
                                                0x7ff600ad1398
                                                0x7ff600ad139f
                                                0x7ff600ad13a2
                                                0x7ff600ad13aa
                                                0x7ff600ad13b0
                                                0x7ff600ad13b2
                                                0x7ff600ad13b8
                                                0x7ff600ad13c2
                                                0x7ff600ad13c4
                                                0x7ff600ad13ca
                                                0x7ff600ad13cf
                                                0x7ff600ad13d1
                                                0x7ff600ad13d7
                                                0x7ff600ad13df
                                                0x7ff600ad13e1
                                                0x7ff600ad13e5
                                                0x7ff600ad13e9
                                                0x7ff600ad13f0
                                                0x7ff600ad13f2
                                                0x7ff600ad13f6
                                                0x7ff600ad13fa
                                                0x7ff600ad1401
                                                0x7ff600ad1403
                                                0x7ff600ad1407
                                                0x7ff600ad140b
                                                0x7ff600ad140d
                                                0x7ff600ad1415
                                                0x7ff600ad141a
                                                0x7ff600ad141d
                                                0x7ff600ad1427
                                                0x7ff600ad142d
                                                0x7ff600ad1435
                                                0x7ff600ad1439
                                                0x7ff600ad143f
                                                0x7ff600ad1441
                                                0x7ff600ad1447
                                                0x7ff600ad144f
                                                0x7ff600ad1451
                                                0x7ff600ad1455
                                                0x7ff600ad145b
                                                0x7ff600ad1460
                                                0x7ff600ad147e
                                                0x7ff600ad1481
                                                0x7ff600ad1489
                                                0x7ff600ad1490
                                                0x7ff600ad1498
                                                0x7ff600ad14a0
                                                0x7ff600ad14a6
                                                0x7ff600ad14ae
                                                0x7ff600ad14b2
                                                0x7ff600ad14b8
                                                0x7ff600ad14ba
                                                0x7ff600ad14c0
                                                0x7ff600ad14c8
                                                0x7ff600ad14ca
                                                0x7ff600ad14ce
                                                0x7ff600ad14d4
                                                0x7ff600ad14d9
                                                0x7ff600ad14e3
                                                0x7ff600ad14e6
                                                0x7ff600ad14eb
                                                0x7ff600ad14f1
                                                0x7ff600ad14f9
                                                0x7ff600ad14fd
                                                0x7ff600ad1503
                                                0x7ff600ad1507
                                                0x7ff600ad150c
                                                0x7ff600ad1517
                                                0x7ff600ad1519
                                                0x7ff600ad1520
                                                0x7ff600ad152c
                                                0x7ff600ad152e
                                                0x7ff600ad1532
                                                0x7ff600ad1535
                                                0x7ff600ad153a
                                                0x7ff600ad1542
                                                0x7ff600ad1546
                                                0x7ff600ad154c
                                                0x7ff600ad154e
                                                0x7ff600ad1551
                                                0x7ff600ad1554
                                                0x7ff600ad155c
                                                0x7ff600ad155e
                                                0x7ff600ad1562
                                                0x7ff600ad1566
                                                0x7ff600ad156f
                                                0x7ff600ad1577
                                                0x7ff600ad157b
                                                0x7ff600ad1581
                                                0x7ff600ad1583
                                                0x7ff600ad1588
                                                0x7ff600ad1593
                                                0x7ff600ad1595
                                                0x7ff600ad159c
                                                0x7ff600ad15a1
                                                0x7ff600ad15a5
                                                0x7ff600ad15ac
                                                0x7ff600ad15b2
                                                0x7ff600ad15ba
                                                0x7ff600ad15c2
                                                0x7ff600ad15c7
                                                0x7ff600ad15d3
                                                0x7ff600ad15d5
                                                0x7ff600ad15de
                                                0x7ff600ad15e0
                                                0x7ff600ad15ea
                                                0x7ff600ad15fd
                                                0x7ff600ad1602
                                                0x7ff600ad1604
                                                0x7ff600ad1607
                                                0x7ff600ad160a
                                                0x7ff600ad1611
                                                0x7ff600ad161c
                                                0x7ff600ad1620
                                                0x7ff600ad1623
                                                0x7ff600ad162b
                                                0x7ff600ad1630
                                                0x7ff600ad1651

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2451718f17f30f22db8a715f47133bcc6913abc12a4c0ce031f33d3ee110230e
                                                • Instruction ID: 307a34fc8be61bcd8d3216ca199eaf558caa013bca4638be3d301a4c5e5d6f61
                                                • Opcode Fuzzy Hash: 2451718f17f30f22db8a715f47133bcc6913abc12a4c0ce031f33d3ee110230e
                                                • Instruction Fuzzy Hash: E8528463A08A85A5E7649E25C4403BC33A1EB05B58F684633DE6E877DFCF79E895C340
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 99%
                                                			E00007FF67FF600ADA15C(intOrPtr __ecx, long long __rbx, signed char* __rcx, void* __rdx, long long __rdi, long long __rsi, signed int* __r8, signed int __r10) {
                                                				void* __rbp;
                                                				signed long long __r12;
                                                				void* __r13;
                                                				signed int* __r14;
                                                				void* _t179;
                                                				signed long long _t180;
                                                				signed long long _t181;
                                                				void* _t195;
                                                				void* _t203;
                                                				void* _t204;
                                                				void* _t205;
                                                				void* _t207;
                                                
                                                				if (__rcx == __rdx) goto 0xada6e9;
                                                				_t179 = _t195;
                                                				 *((long long*)(_t179 + 8)) = __rbx;
                                                				 *((long long*)(_t179 + 0x10)) = __rsi;
                                                				 *((long long*)(_t179 + 0x20)) = __rdi;
                                                				_t180 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_t181 = _t180 ^ _t195 - 0x000003f0;
                                                				 *(_t179 - 0x318 + 0x2e0) = _t181;
                                                				r15d = 0;
                                                				r13d = 0;
                                                				if (r13d != 9) goto 0xada24e;
                                                				r11d =  *__r8;
                                                				if (r11d == 0) goto 0xada205;
                                                				r8d = 0;
                                                				r10d = 0;
                                                				 *((intOrPtr*)(__r8 + 4 + __r10 * 4)) = __ecx;
                                                				r10d = r10d + 1;
                                                				if (r10d != r11d) goto 0xada1c3;
                                                				if (r8d == 0) goto 0xada205;
                                                				if ( *__r8 - 0x73 >= 0) goto 0xada201;
                                                				 *(__r8 + 4 + _t181 * 4) = r8d;
                                                				 *__r8 =  *__r8 + 1;
                                                				goto 0xada205;
                                                				 *__r8 =  *__r8 & 0x00000000;
                                                				if (r15d == 0) goto 0xada248;
                                                				if (_t181 == 0) goto 0xada230;
                                                				__r8[1] = r15d;
                                                				if (1 != _t181) goto 0xada213;
                                                				if (r15d == 0) goto 0xada248;
                                                				if (_t181 - 0x73 >= 0) goto 0xada244;
                                                				 *(__r8 + 4 + _t181 * 4) = r15d;
                                                				 *__r8 =  *__r8 + 1;
                                                				goto 0xada248;
                                                				 *__r8 =  *__r8 & 0x00000000;
                                                				r15d = 0;
                                                				r13d = 0;
                                                				r13d = r13d + 1;
                                                				r15d = _t181 + (_t181 * 0x3b9aca00 + _t181) * 2;
                                                				if ( &(__rcx[1]) != __rdx) goto 0xada1ab;
                                                				if (r13d == 0) goto 0xada6ba;
                                                				return  *__rcx & 0x000000ff;
                                                				asm("adc eax, 0xfff95d7d");
                                                				__rax = __rax >> 3;
                                                				 *(__rsp + 0x2c) = 0xcccccccd;
                                                				r12d = __eax;
                                                				 *(__rsp + 0x24) = 0xcccccccd;
                                                				if (__rax == 0) goto 0xada603;
                                                				__rcx = 0x26;
                                                				__rax = __rsp;
                                                				__rax =  >  ? 0x26 : __rsp;
                                                				 *(__rsp + 0x28) = __rax;
                                                				__rax = __rax - 1;
                                                				__rdi = __rax;
                                                				__rcx =  *(1 + 0xa2bd2 + __rax * 4) & 0x000000ff;
                                                				__rsi =  *(__rdx + 0xa2bd3 + __rax * 4) & 0x000000ff;
                                                				__rbx = __rcx;
                                                				__rbx = __rcx << 2;
                                                				__rdx = 0;
                                                				__r8 = __rbx;
                                                				__rax = __rsi + __rcx;
                                                				__rcx = __rbp + 0x114;
                                                				 *(__rbp + 0x110) = __rax;
                                                				__eax = E00007FF67FF600AA7EF0(__eax, __edx, __rbp + 0x114, 0, __rbx);
                                                				__rcx = 0x7ff600a70000;
                                                				__rsi = __rsi << 2;
                                                				__rax =  *(0x7ff600a70000 + 0xa2bd0 + __rdi * 4) & 0x0000ffff;
                                                				__rdx = 0x7ff600b122c0;
                                                				__rcx = __rbp + 0x114;
                                                				__r8 = __rsi;
                                                				__rcx = __rbp + 0x114 + __rbx;
                                                				__rdx = 0x7ff600b122c0 + ( *(0x7ff600a70000 + 0xa2bd0 + __rdi * 4) & 0x0000ffff) * 4;
                                                				E00007FF67FF600AA7840();
                                                				r11d =  *(__rbp + 0x110);
                                                				if (r11d - 1 > 0) goto 0xada39a;
                                                				__rax =  *((intOrPtr*)(__rbp + 0x114));
                                                				if (__rax != 0) goto 0xada32f;
                                                				 *__r14 =  *__r14 & 0x00000000;
                                                				goto 0xada5d9;
                                                				if (__rax == 1) goto 0xada5d9;
                                                				r10d =  *__r14;
                                                				if (r10d == 0) goto 0xada5d9;
                                                				r8d = 0;
                                                				__r11 = __rax;
                                                				r9d = 0;
                                                				__ecx =  *((intOrPtr*)(__r14 + 4 + __r9 * 4));
                                                				__eax = r8d;
                                                				__rcx = (__rbp + 0x114 + __rbx) * __r11;
                                                				__rcx = (__rbp + 0x114 + __rbx) * __r11 + __rax;
                                                				__r8 = __rcx;
                                                				__r8 = __rcx >> 0x20;
                                                				r9d = r9d + 1;
                                                				if (r9d != r10d) goto 0xada34d;
                                                				if (r8d == 0) goto 0xada5d9;
                                                				if ( *__r14 - 0x73 >= 0) goto 0xada38f;
                                                				__eax =  *__r14;
                                                				 *(__r14 + 4 + __rax * 4) = r8d;
                                                				 *__r14 =  *__r14 + 1;
                                                				goto 0xada5d9;
                                                				 *__r14 =  *__r14 & 0x00000000;
                                                				goto 0xada5db;
                                                				__r9 =  &(__r14[1]);
                                                				if ( *__r14 - 1 > 0) goto 0xada44f;
                                                				__r11 = __r11 << 2;
                                                				 *__r14 = r11d;
                                                				if (__r11 << 2 == 0) goto 0xada401;
                                                				if ( &(__r14[1]) != 0) goto 0xada3cc;
                                                				__eax = E00007FF67FF600AE8D04(__rax);
                                                				 *__rax = 0x16;
                                                				goto 0xada3fc;
                                                				__rax = 0x1cc;
                                                				if (0x1cc - 0x1cc > 0) goto 0xada3e7;
                                                				__rdx = __rbp + 0x114;
                                                				E00007FF67FF600AA7840();
                                                				goto 0xada401;
                                                				__r8 = 0x1cc;
                                                				__rdx = 0;
                                                				__eax = E00007FF67FF600AE8D04(__rax);
                                                				 *__rax = 0x22;
                                                				__eax = E00007FF67FF600ACE12C();
                                                				if (__rbx == 0) goto 0xada326;
                                                				if (__rbx == 1) goto 0xada5d9;
                                                				r10d =  *__r14;
                                                				if (r10d == 0) goto 0xada5d9;
                                                				r8d = 0;
                                                				__r11 = __rbx;
                                                				r9d = 0;
                                                				__ecx =  *((intOrPtr*)(__r14 + 4 + __r9 * 4));
                                                				__eax = r8d;
                                                				__rcx = __rcx * __rbx;
                                                				__rcx = __rcx + __rax;
                                                				__r8 = __rcx;
                                                				__r8 = __rcx >> 0x20;
                                                				r9d = r9d + 1;
                                                				if (r9d != r10d) goto 0xada427;
                                                				goto 0xada370;
                                                				__rdx = __rbp + 0x114;
                                                				__rcx = __rbp + 0x114;
                                                				__edi =  <  ? r11d :  *__r14;
                                                				__rdx =  >=  ? __r9 : __rbp + 0x114;
                                                				__rcx =  <  ? __r9 : __rbp + 0x114;
                                                				 *(__rsp + 0x38) = __rdx;
                                                				__eax = r8d & 0xffffff00 | r11d -  *__r14 > 0x00000000;
                                                				 *(__rsp + 0x30) = __rcx;
                                                				 *(__rsp + 0x20) = __rdi;
                                                				r11d =  !=  ?  *__r14 : r11d;
                                                				__rax = 0;
                                                				r10d = 0;
                                                				 *((long long*)(__rsp + 0x40)) = 0;
                                                				if (__rdi == 0) goto 0xada585;
                                                				r12d =  *(__rdx + __r10 * 4);
                                                				if (r12d != 0) goto 0xada4bb;
                                                				if (r10d != (r8d & 0xffffff00 | r11d -  *__r14 > 0x00000000)) goto 0xada574;
                                                				 *(__rsp + 0x44 + __r10 * 4) =  *(__rsp + 0x44 + __r10 * 4) & r12d;
                                                				_t83 = __r10 + 1; // 0x1
                                                				__eax = _t83;
                                                				 *((long long*)(__rsp + 0x40)) = 0;
                                                				goto 0xada574;
                                                				__rbx = 0;
                                                				r8d = r10d;
                                                				if (r11d == 0) goto 0xada565;
                                                				__rdi =  ~__rdi;
                                                				if (r8d == 0x73) goto 0xada520;
                                                				if (r8d != _t83) goto 0xada4e9;
                                                				 *(__rsp + 0x44 + __rsi * 4) =  *(__rsp + 0x44 + __rsi * 4) & 0x00000000;
                                                				_t91 = __r8 + 1; // 0x1
                                                				__eax = _t91;
                                                				 *((long long*)(__rsp + 0x40)) = 0;
                                                				__rax =  *(__rsp + 0x30);
                                                				__ecx = __rdi + __r8;
                                                				r8d = r8d + 1;
                                                				__rdx =  *( *(__rsp + 0x30) + __rcx * 4);
                                                				__rax =  *(__rsp + 0x44 + __rsi * 4);
                                                				 *( *(__rsp + 0x30) + __rcx * 4) * __r12 =  *( *(__rsp + 0x30) + __rcx * 4) * __r12 +  *(__rsp + 0x44 + __rsi * 4);
                                                				__rax = 0;
                                                				__rdx =  *( *(__rsp + 0x30) + __rcx * 4) * __r12 +  *(__rsp + 0x44 + __rsi * 4);
                                                				__eax = __rdi + __r8;
                                                				__rbx = __rdx;
                                                				 *(__rsp + 0x44 + __rsi * 4) = __rdx;
                                                				__rbx = __rdx >> 0x20;
                                                				__rax =  *((intOrPtr*)(__rsp + 0x40));
                                                				if (__eax != r11d) goto 0xada4ce;
                                                				if (__rbx == 0) goto 0xada561;
                                                				if (r8d == 0x73) goto 0xada66d;
                                                				__edx = r8d;
                                                				if (r8d != __eax) goto 0xada543;
                                                				 *(__rsp + 0x44 + __rdx * 4) =  *(__rsp + 0x44 + __rdx * 4) & 0x00000000;
                                                				_t111 = __r8 + 1; // 0x1
                                                				__eax = _t111;
                                                				__rax =  *(__rsp + 0x44 + __rdx * 4);
                                                				r8d = r8d + 1;
                                                				__rcx = __rbx;
                                                				__rcx = __rbx +  *(__rsp + 0x44 + __rdx * 4);
                                                				 *(__rsp + 0x44 + __rdx * 4) = __rcx;
                                                				__rax =  *((intOrPtr*)(__rsp + 0x40));
                                                				__rcx = __rcx >> 0x20;
                                                				__rbx = __rcx;
                                                				if (__rcx != 0) goto 0xada524;
                                                				__rdi =  *(__rsp + 0x20);
                                                				if (r8d == 0x73) goto 0xada66d;
                                                				__rdx =  *(__rsp + 0x38);
                                                				r10d = r10d + 1;
                                                				if (r10d != r10d) goto 0xada497;
                                                				r12d =  *(__rsp + 0x24);
                                                				r8d = __eax;
                                                				__r8 = __r8 << 2;
                                                				 *__r14 = __eax;
                                                				if (__r8 == 0) goto 0xada5d9;
                                                				if (__r9 != 0) goto 0xada5a6;
                                                				__eax = E00007FF67FF600AE8D04(__rax);
                                                				 *__rax = 0x16;
                                                				goto 0xada5d4;
                                                				__rax = 0x1cc;
                                                				if (0x1cc - 0x1cc > 0) goto 0xada5bf;
                                                				__rdx = __rsp + 0x44;
                                                				E00007FF67FF600AA7840();
                                                				goto 0xada5d9;
                                                				__r8 = 0x1cc;
                                                				__rdx = 0;
                                                				__eax = E00007FF67FF600AE8D04(__rax);
                                                				 *__rax = 0x22;
                                                				__eax = E00007FF67FF600ACE12C();
                                                				if (1 == 0) goto 0xada66d;
                                                				r12d = r12d -  *(__rsp + 0x28);
                                                				__rdx = 0x7ff600a70000;
                                                				 *(__rsp + 0x24) = r12d;
                                                				__rcx = 0x26;
                                                				asm("invalid");
                                                				__rax =  *(__rsp + 0x2c);
                                                				__rax =  *(__rsp + 0x2c) +  *(__rsp + 0x2c) * 4;
                                                				__rax =  *(__rsp + 0x2c) +  *(__rsp + 0x2c) * 4 + __rax;
                                                				r13d = r13d - __eax;
                                                				if (1 == 0) goto 0xada671;
                                                				_t130 = __r13 - 1; // 0x0
                                                				__eax = _t130;
                                                				__rax =  *((intOrPtr*)(0x7ff600a70000 + 0xa2c68 + __rax * 4));
                                                				if (__rax == 0) goto 0xada66d;
                                                				if (__rax == 1) goto 0xada671;
                                                				r10d =  *__r14;
                                                				if (r10d == 0) goto 0xada671;
                                                				r8d = 0;
                                                				r11d = _t130;
                                                				r9d = 0;
                                                				__ecx =  *((intOrPtr*)(__r14 + 4 + __r9 * 4));
                                                				__eax = r8d;
                                                				0x26 * __r11 = 0x26 * __r11 + __rax;
                                                				__r8 = 0x26 * __r11 + __rax;
                                                				 *((intOrPtr*)(__r14 + 4 + __r9 * 4)) = __ecx;
                                                				__r8 = 0x26 * __r11 + __rax >> 0x20;
                                                				r9d = r9d + 1;
                                                				if (r9d != r10d) goto 0xada632;
                                                				if (r8d == 0) goto 0xada671;
                                                				if ( *__r14 - 0x73 >= 0) goto 0xada66d;
                                                				__eax =  *__r14;
                                                				 *(__r14 + 4 + __rax * 4) = r8d;
                                                				 *__r14 =  *__r14 + 1;
                                                				goto 0xada671;
                                                				 *__r14 =  *__r14 & 0x00000000;
                                                				if (r15d == 0) goto 0xada6ba;
                                                				__eax =  *__r14;
                                                				r8d = 0;
                                                				if (__rax == 0) goto 0xada6a2;
                                                				__edx =  *(__r14 + 4 + __r8 * 4);
                                                				__eax = r15d;
                                                				__rdx = 0x7ff600a70000 + __rax;
                                                				 *(__r14 + 4 + __r8 * 4) = __edx;
                                                				r8d = r8d + 1;
                                                				__eax =  *__r14;
                                                				__rdx = 0x7ff600a70000 + __rax >> 0x20;
                                                				r15d = __edx;
                                                				if (r8d != __eax) goto 0xada680;
                                                				if (r15d == 0) goto 0xada6ba;
                                                				if (__rax - 0x73 >= 0) goto 0xada6b6;
                                                				 *(__r14 + 4 + __rax * 4) = r15d;
                                                				 *__r14 =  *__r14 + 1;
                                                				goto 0xada6ba;
                                                				 *__r14 =  *__r14 & 0x00000000;
                                                				__rcx =  *(__rbp + 0x2e0);
                                                				__rcx =  *(__rbp + 0x2e0) ^ __rsp;
                                                				__eax = E00007FF67FF600AA5980(__eax, __ecx,  *(__rbp + 0x2e0) ^ __rsp);
                                                				__r11 = __rsp + 0x3f0;
                                                				__rbx =  *((intOrPtr*)(__r11 + 0x30));
                                                				__rsi =  *((intOrPtr*)(__r11 + 0x38));
                                                				__rdi =  *((intOrPtr*)(__r11 + 0x48));
                                                				__rsp = __r11;
                                                				__r14 = _t207;
                                                				__r13 = _t205;
                                                				__r12 = _t204;
                                                				__rbp = _t203;
                                                				return __eax;
                                                			}
















                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 80a915293be093fa54a2fe660c0a805f6e97b1b22e87103f3a2124bc1590071c
                                                • Instruction ID: 8aef78c24644302bfa3e93b384738e19024d63efe58ddd9f5d1fe052205c9733
                                                • Opcode Fuzzy Hash: 80a915293be093fa54a2fe660c0a805f6e97b1b22e87103f3a2124bc1590071c
                                                • Instruction Fuzzy Hash: 30F1D273A182429BEB65CE15D5486B933A1FB64744F259136DE0BC378AEF3DE901CB01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 80%
                                                			E00007FF67FF600ADE000(unsigned long long __edx, long long __rbx, void* __rcx) {
                                                				void* __rsi;
                                                				unsigned long long _t124;
                                                				void* _t126;
                                                				signed int _t137;
                                                				signed int _t143;
                                                				void* _t144;
                                                				signed int _t145;
                                                				signed int _t150;
                                                				signed int _t154;
                                                				signed long long _t191;
                                                				unsigned long long _t195;
                                                				signed long long _t199;
                                                				intOrPtr* _t207;
                                                				intOrPtr* _t209;
                                                				signed long long _t210;
                                                				signed long long _t215;
                                                				signed long long _t222;
                                                				signed long long _t225;
                                                				unsigned long long _t235;
                                                				signed long long _t246;
                                                				intOrPtr* _t251;
                                                				signed long long _t262;
                                                				signed long long _t266;
                                                				signed long long _t267;
                                                				signed long long _t268;
                                                				void* _t271;
                                                				void* _t273;
                                                				signed long long _t274;
                                                				signed long long _t289;
                                                				signed long long _t293;
                                                				void* _t302;
                                                				signed int* _t304;
                                                				void* _t306;
                                                				signed int* _t307;
                                                
                                                				 *((long long*)(_t273 + 0x18)) = __rbx;
                                                				_push(_t302);
                                                				_push(_t304);
                                                				_t271 = _t273 - 0x4c0;
                                                				_t274 = _t273 - 0x5c0;
                                                				_t191 =  *0xb2fde8; // 0xc4f55cf73642
                                                				 *(_t271 + 0x4b0) = _t191 ^ _t274;
                                                				r8d = __edx;
                                                				 *(_t274 + 0x2c) = _t235;
                                                				asm("loop 0x4e");
                                                				_t195 = _t235 >> 3;
                                                				 *(_t274 + 0x28) = _t195;
                                                				r15d = _t124;
                                                				 *(_t274 + 0x20) = _t195;
                                                				if (_t195 == 0) goto 0xade458;
                                                				 *0x26 =  *0x26 + _t124;
                                                				 *0x26 =  *0x26 + _t124;
                                                				r13d = r15d;
                                                				r13d =  >  ? _t124 : r13d;
                                                				 *(_t274 + 0x24) = r13d;
                                                				_t215 =  *0x210FC3200B12C6A & 0x000000ff;
                                                				_t266 =  *0x210FC3200B12C6B & 0x000000ff;
                                                				_t209 = _t215 * 4;
                                                				 *(_t271 + 0x2e0) = _t266 + _t215;
                                                				_t126 = E00007FF67FF600AA7EF0(_t302 - 1, __edx, _t271 + 0x2e4, 0, _t209);
                                                				_t267 = _t266 << 2;
                                                				E00007FF67FF600AA7840();
                                                				if ( *(_t271 + 0x2e0) - 1 > 0) goto 0xade1bc;
                                                				_t199 =  *(_t271 + 0x2e4);
                                                				if (_t199 != 0) goto 0xade124;
                                                				 *(_t271 + 0x110) = r12d;
                                                				r9d = 0;
                                                				 *_t304 = r12d;
                                                				_t145 = _t144 + bpl;
                                                				 *_t209 =  *_t209 + _t126;
                                                				 *_t199 =  *_t199 + _t126;
                                                				if (_t199 == 1) goto 0xade424;
                                                				r10d =  *_t304;
                                                				if (r10d == 0) goto 0xade424;
                                                				r8d = r12d;
                                                				r9d = r12d;
                                                				_t210 = _t199;
                                                				asm("o16 nop [eax+eax]");
                                                				r9d = r9d + 1;
                                                				_t222 =  &(( &(_t304[1]))[_t199]);
                                                				 *_t222 = 0x1cc * _t210 + _t199;
                                                				if (r9d != r10d) goto 0xade150;
                                                				if (r8d == 0) goto 0xade424;
                                                				if (_t199 - 0x73 >= 0) goto 0xade194;
                                                				 *(_t304 + 4 + _t199 * 4) = r8d;
                                                				 *_t304 =  *_t304 + 1;
                                                				goto 0xade424;
                                                				r9d = 0;
                                                				 *(_t271 + 0x2e0) = r12d;
                                                				 *_t304 = r12d;
                                                				dil = 0x3d;
                                                				 *_t199 =  *_t199 +  *_t304;
                                                				goto 0xade426;
                                                				_t307 =  &(_t304[1]);
                                                				if (_t267 - 1 > 0) goto 0xade2b4;
                                                				_t143 =  *_t307;
                                                				 *_t304 = _t145;
                                                				_t293 = _t222 << 2;
                                                				 *((intOrPtr*)(_t271 + 0x452d75db)) =  *((intOrPtr*)(_t271 + 0x452d75db));
                                                				 *(_t271 + 0x2e0) = r12d;
                                                				 *_t304 = r12d;
                                                				_t246 = _t306;
                                                				if (_t199 - 0x8b440000 < 0) goto 0xade23a;
                                                				 *(_t199 + 0x208e901) =  *(_t199 + 0x208e901) & sil;
                                                				 *_t199 =  *_t199;
                                                				if (_t210 == 1) goto 0xade212;
                                                				r10d =  *_t304;
                                                				if (r10d == 0) goto 0xade212;
                                                				r8d = r12d;
                                                				r9d = r12d;
                                                				r9d = r9d + 1;
                                                				_t225 =  &(_t307[_t199]);
                                                				 *_t225 = _t246 * _t210 + _t199;
                                                				if (r9d != r10d) goto 0xade240;
                                                				if (r8d == 0) goto 0xade212;
                                                				if (_t199 - 0x73 >= 0) goto 0xade287;
                                                				r15d =  *(_t274 + 0x20);
                                                				 *(_t304 + 4 + _t199 * 4) = r8d;
                                                				 *_t304 =  *_t304 + 1;
                                                				goto 0xade426;
                                                				r9d = 0;
                                                				 *(_t271 + 0x2e0) = r12d;
                                                				 *_t304 = r12d;
                                                				asm("les edi, [eax+eax]");
                                                				 *((intOrPtr*)(_t210 + 0x7c + _t225 * 4)) =  *((intOrPtr*)(_t210 + 0x7c + _t225 * 4)) + 1;
                                                				goto 0xade426;
                                                				_t251 =  >=  ? _t307 : _t271 + 0x2e4;
                                                				_t137 = 0 | _t225 - _t267 > 0x00000000;
                                                				 *((long long*)(_t274 + 0x30)) = _t251;
                                                				if (0 == 0) goto 0xade2d5;
                                                				r13d = _t145;
                                                				goto 0xade2e1;
                                                				r13d =  *_t304;
                                                				_t268 = _t225;
                                                				 *(_t271 + 0x110) = 0;
                                                				if (r13d == 0) goto 0xade3f9;
                                                				_t262 =  *_t251;
                                                				if (_t262 != 0) goto 0xade318;
                                                				if (0 != 0) goto 0xade3ee;
                                                				 *(_t271 + 0x114) = _t262;
                                                				 *(_t271 + 0x110) = 1;
                                                				goto 0xade3ee;
                                                				r10d = 0;
                                                				if (_t268 == 0) goto 0xade3e0;
                                                				r11d = _t143;
                                                				r11d =  ~r11d;
                                                				if (0 == 0x73) goto 0xade38d;
                                                				r9d = _t137;
                                                				if (0 != 1) goto 0xade351;
                                                				 *(_t271 + 0x114 + _t293 * 4) = 0;
                                                				 *(_t271 + 0x110) = 1;
                                                				r8d =  *(_t271 + 0x2e8);
                                                				_t289 = (_t271 + 0x2e4) * _t262 + 2;
                                                				 *(_t271 + 0x114 + _t293 * 4) = r8d;
                                                				if (1 != _t268) goto 0xade330;
                                                				if (r10d == 0) goto 0xade3e0;
                                                				if (1 == 0x73) goto 0xade4bf;
                                                				r8d = _t137;
                                                				if (1 !=  *(_t271 + 0x110)) goto 0xade3b7;
                                                				 *(_t271 + 0x114 + _t289 * 4) = 0;
                                                				 *(_t271 + 0x110) = 2;
                                                				_t154 =  *(_t271 + 0x114 + _t289 * 4);
                                                				_t150 = r10d;
                                                				 *(_t271 + 0x114 + _t289 * 4) = _t154;
                                                				r10d = _t154;
                                                				if (_t251 + 2 >> 0x20 != 0) goto 0xade392;
                                                				if (1 == 0x73) goto 0xade4bf;
                                                				if (_t143 != r13d) goto 0xade2f4;
                                                				r9d = _t150;
                                                				 *_t304 = _t150;
                                                				E00007FF67FF600AE1F6C(2, 1, _t307, 0x1cc, _t268, _t271 + 0x114, _t293);
                                                				r15d =  *(_t274 + 0x20);
                                                				r12d = 0;
                                                				r13d =  *(_t274 + 0x24);
                                                				if (1 == 0) goto 0xade4f0;
                                                				r15d = r15d - r13d;
                                                				 *(_t274 + 0x20) = r15d;
                                                				asm("invalid");
                                                				_t204 =  *(_t274 + 0x28);
                                                				r8d =  *(_t274 + 0x2c);
                                                				r8d = r8d - 1;
                                                				if (1 == 0) goto 0xade493;
                                                				_t207 =  *((intOrPtr*)(0x7ff600a70000 + 0xa2c68 + ( *(_t274 + 0x28) + _t204 * 4 +  *(_t274 + 0x28) + _t204 * 4) * 4));
                                                				if (_t207 != 0) goto 0xade512;
                                                				 *(_t274 + 0x40) = r12d;
                                                				r9d = 0;
                                                				 *_t304 = r12d;
                                                				 *((intOrPtr*)(_t207 - 0x7274b7ff)) =  *((intOrPtr*)(_t207 - 0x7274b7ff)) + sil;
                                                				 *_t207 =  *_t207 + 4;
                                                				return E00007FF67FF600AA5980(4, _t150,  &(_t304[1]) ^ _t274);
                                                			}

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d6580da32cbc64af542c26c9f8ad20c4ac425c6dd8262426632dd4f2d452cc4f
                                                • Instruction ID: 297850b3fdc45d63742e6c8b4d8e71c58a39913965a2a9292458c4efa7a0d5b0
                                                • Opcode Fuzzy Hash: d6580da32cbc64af542c26c9f8ad20c4ac425c6dd8262426632dd4f2d452cc4f
                                                • Instruction Fuzzy Hash: A7E1C5776082829AE724DF15D444AF937A4FB49B88F605136DF4E8BB89DF39D901CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00007FF67FF600AE528C(void* __rcx, long long __rdx, long long __r8, void* __r9) {
                                                				void* _t10;
                                                				void* _t12;
                                                				signed long long _t15;
                                                				void* _t26;
                                                				void* _t27;
                                                				signed long long _t28;
                                                
                                                				_t26 = _t27 - 0x168;
                                                				_t28 = _t27 - 0x268;
                                                				_t15 =  *0xb2fde8; // 0xc4f55cf73642
                                                				 *(_t26 + 0x150) = _t15 ^ _t28;
                                                				r15d = 0;
                                                				 *((long long*)(_t28 + 0x70)) = __r8;
                                                				 *((long long*)(_t28 + 0x78)) = __rdx;
                                                				 *((long long*)(_t28 + 0x30)) =  *((intOrPtr*)(_t26 + 0x1d0));
                                                				 *((long long*)(_t28 + 0x68)) =  *((intOrPtr*)(_t26 + 0x1d8));
                                                				if (__rcx != 0) goto 0xae5314;
                                                				return E00007FF67FF600AA5980(_t10, _t12,  *(_t26 + 0x150) ^ _t28);
                                                			}

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$CodePageValid
                                                • String ID:
                                                • API String ID: 943130320-0
                                                • Opcode ID: ab1077677f127625534f8dbec8aab15e5ebe58a4a86b389bbc7f141f7c069665
                                                • Instruction ID: 1395b3cf06fbdad84c8acd90e3f19a019c6cf390ce1b84ae4d9ffb628f4c6881
                                                • Opcode Fuzzy Hash: ab1077677f127625534f8dbec8aab15e5ebe58a4a86b389bbc7f141f7c069665
                                                • Instruction Fuzzy Hash: 44E19127E08AC2A5EB609B71A4107BA26A5FF9478CFA44035DE4DC779EEE3CE541C700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 66%
                                                			E00007FF67FF600AF626C(unsigned int __rax, long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r9, long long _a8, long long _a16, long long _a24) {
                                                				void* _v40;
                                                				signed int _v48;
                                                				char _v56;
                                                				void* _v72;
                                                				void* _t124;
                                                				signed char _t153;
                                                				void* _t155;
                                                				signed char _t156;
                                                				signed char _t157;
                                                				long long _t176;
                                                				long long _t188;
                                                				signed long long _t216;
                                                				long long _t275;
                                                				signed char* _t295;
                                                				void* _t302;
                                                				void* _t306;
                                                				void* _t308;
                                                				signed char* _t331;
                                                				void* _t333;
                                                				long long _t335;
                                                				void* _t336;
                                                				long long _t337;
                                                				long long _t339;
                                                				signed long long _t340;
                                                				long long _t341;
                                                
                                                				_t333 = __r9;
                                                				_a8 = __rbx;
                                                				_a16 = __rsi;
                                                				_a24 = __rdi;
                                                				r15d = 0;
                                                				_v56 = __rcx;
                                                				_v48 = _v48 & _t340;
                                                				if ( *((intOrPtr*)(__rcx + 0x140)) != _t340) goto 0xaf62ba;
                                                				if ( *((intOrPtr*)(__rcx + 0x148)) != _t340) goto 0xaf62ba;
                                                				r12d = 0;
                                                				goto 0xaf672a;
                                                				r13d = 1;
                                                				_push(__rbx);
                                                				_pop(_t302);
                                                				asm("invalid");
                                                				_t339 = __rax;
                                                				E00007FF67FF600AE8E1C(__rax, 0);
                                                				if (__rax != 0) goto 0xaf62e4;
                                                				goto 0xaf6780;
                                                				_t188 = (__rax >> _t156) - 0x33ffff5e;
                                                				_t308 = _t306;
                                                				_pop(_t305);
                                                				_t335 = _t188;
                                                				E00007FF67FF600AE8E1C(_t188, 0);
                                                				if (_t335 != 0) goto 0xaf630c;
                                                				_t124 = E00007FF67FF600AE8E1C(_t188, __rax);
                                                				goto 0xaf62dc;
                                                				if ( *((intOrPtr*)(_t302 + 0x140)) == _t340) goto 0xaf6667;
                                                				E00007FF67FF600AEC120(_t124, _t336, 0x4);
                                                				_t341 = _t188;
                                                				E00007FF67FF600AE8E1C(_t188, 0);
                                                				_t176 = _t341;
                                                				if (_t176 != 0) goto 0xaf6340;
                                                				E00007FF67FF600AE8E1C(_t188, _t339);
                                                				goto 0xaf6305;
                                                				_t298 =  *((intOrPtr*)(_t302 + 0x140));
                                                				_t11 = _t339 + 0x18; // 0x18
                                                				_t189 = _t11;
                                                				 *((long long*)(_t308 + 0x20)) = _t11;
                                                				r9d = 0x15;
                                                				_t13 =  &_v56; // -15
                                                				E00007FF67FF600B006CC(_t156, r13d, _t13,  *((intOrPtr*)(_t302 + 0x140)));
                                                				_t14 = _t339 + 0x20; // 0x20
                                                				r9d = 0x14;
                                                				 *((long long*)(_t308 + 0x20)) = _t14;
                                                				_t16 =  &_v56; // -15
                                                				E00007FF67FF600B006CC(_t156, r13d, _t16,  *((intOrPtr*)(_t302 + 0x140)));
                                                				_t17 = _t339 + 0x28; // 0x28
                                                				r9d = 0x16;
                                                				 *((long long*)(_t308 + 0x20)) = _t17;
                                                				_t19 =  &_v56; // -15
                                                				E00007FF67FF600B006CC(_t156, r13d, _t19,  *((intOrPtr*)(_t302 + 0x140)));
                                                				_t20 =  &_v56; // -15
                                                				_t21 = _t339 + 0x30; // 0x30
                                                				_t190 = _t21;
                                                				r9d = 0x17;
                                                				 *((long long*)(_t308 + 0x20)) = _t21;
                                                				E00007FF67FF600B006CC(_t156, r13d, _t20, _t298);
                                                				r9d = 0x18;
                                                				_t23 = _t339 + 0x38; // 0x38
                                                				_t337 = _t23;
                                                				 *((long long*)(_t308 + 0x20)) = _t337;
                                                				_t25 =  &_v56; // -15
                                                				E00007FF67FF600B006CC(_t156, _t333 - 0x17, _t25, _t298);
                                                				r9d = 0x50;
                                                				_t27 =  &_v56; // -15
                                                				_t28 = _t339 + 0x40; // 0x40
                                                				_t191 = _t28;
                                                				 *((long long*)(_t308 + 0x20)) = _t28;
                                                				E00007FF67FF600B006CC(_t156, _t333 - 0x4f, _t27, _t298);
                                                				r9d = 0x51;
                                                				_t31 =  &_v56; // -15
                                                				_t32 = _t339 + 0x48; // 0x48
                                                				_t192 = _t32;
                                                				 *((long long*)(_t308 + 0x20)) = _t32;
                                                				_t164 = _t333 - 0x50;
                                                				E00007FF67FF600B006CC(_t156, _t333 - 0x50, _t31, _t298);
                                                				_t35 =  &_v56; // -15
                                                				_t36 = _t339 + 0x50; // 0x50
                                                				_t193 = _t36;
                                                				r9d = 0x1a;
                                                				 *((long long*)(_t308 + 0x20)) = _t36;
                                                				E00007FF67FF600B006CC(_t156, _t333 - 0x50, _t35, _t298);
                                                				_t38 =  &_v56; // -15
                                                				_t39 = _t339 + 0x51; // 0x51
                                                				_t194 = _t39;
                                                				r9d = 0x19;
                                                				 *((long long*)(_t308 + 0x20)) = _t39;
                                                				E00007FF67FF600B006CC(_t156, _t333 - 0x50, _t38, _t298);
                                                				_t41 =  &_v56; // -15
                                                				_t42 = _t339 + 0x52; // 0x52
                                                				_t195 = _t42;
                                                				r9d = 0x54;
                                                				 *((long long*)(_t308 + 0x20)) = _t42;
                                                				E00007FF67FF600B006CC(_t156, _t333 - 0x50, _t41, _t298);
                                                				_t44 = _t339 + 0x53; // 0x53
                                                				_t196 = _t44;
                                                				r9d = 0x55;
                                                				 *((long long*)(_t308 + 0x20)) = _t44;
                                                				_t46 =  &_v56; // -15
                                                				E00007FF67FF600B006CC(_t156, _t164, _t46, _t298);
                                                				_t47 =  &_v56; // -15
                                                				_t48 = _t339 + 0x54; // 0x54
                                                				_t197 = _t48;
                                                				r9d = 0x56;
                                                				 *((long long*)(_t308 + 0x20)) = _t48;
                                                				E00007FF67FF600B006CC(_t156, _t164, _t47, _t298);
                                                				_t50 =  &_v56; // -15
                                                				_t51 = _t339 + 0x55; // 0x55
                                                				_t198 = _t51;
                                                				r9d = 0x57;
                                                				 *((long long*)(_t308 + 0x20)) = _t51;
                                                				E00007FF67FF600B006CC(_t156, _t164, _t50, _t298);
                                                				_t53 =  &_v56; // -15
                                                				_t54 = _t339 + 0x56; // 0x56
                                                				_t199 = _t54;
                                                				r9d = 0x52;
                                                				 *((long long*)(_t308 + 0x20)) = _t54;
                                                				E00007FF67FF600B006CC(_t156, _t164, _t53, _t298);
                                                				_t56 =  &_v56; // -15
                                                				_t57 = _t339 + 0x57; // 0x57
                                                				_t200 = _t57;
                                                				r9d = 0x53;
                                                				 *((long long*)(_t308 + 0x20)) = _t57;
                                                				E00007FF67FF600B006CC(_t156, _t164, _t56, _t298);
                                                				r9d = 0x15;
                                                				_t59 =  &_v56; // -15
                                                				_t60 = _t339 + 0x68; // 0x68
                                                				_t201 = _t60;
                                                				 *((long long*)(_t308 + 0x20)) = _t60;
                                                				E00007FF67FF600B006CC(_t156, _t333 - 0x13, _t59, _t298);
                                                				r9d = 0x14;
                                                				_t63 =  &_v56; // -15
                                                				_t64 = _t339 + 0x70; // 0x70
                                                				_t202 = _t64;
                                                				 *((long long*)(_t308 + 0x20)) = _t64;
                                                				E00007FF67FF600B006CC(_t156, _t333 - 0x12, _t63, _t298);
                                                				r9d = 0x16;
                                                				_t67 =  &_v56; // -15
                                                				_t68 = _t339 + 0x78; // 0x78
                                                				_t203 = _t68;
                                                				 *((long long*)(_t308 + 0x20)) = _t68;
                                                				E00007FF67FF600B006CC(_t156, _t333 - 0x14, _t67, _t298);
                                                				r9d = 0x17;
                                                				_t71 =  &_v56; // -15
                                                				_t72 = _t339 + 0x80; // 0x80
                                                				_t204 = _t72;
                                                				 *((long long*)(_t308 + 0x20)) = _t72;
                                                				E00007FF67FF600B006CC(_t156, _t333 - 0x15, _t71, _t298);
                                                				r9d = 0x50;
                                                				_t75 =  &_v56; // -15
                                                				_t76 = _t339 + 0x88; // 0x88
                                                				_t205 = _t76;
                                                				 *((long long*)(_t308 + 0x20)) = _t76;
                                                				E00007FF67FF600B006CC(_t156, _t333 - 0x4e, _t75, _t298);
                                                				_t79 = _t339 + 0x90; // 0x90
                                                				_t206 = _t79;
                                                				r9d = 0x51;
                                                				 *((long long*)(_t308 + 0x20)) = _t79;
                                                				_t81 =  &_v56; // -15
                                                				E00007FF67FF600B006CC(_t156, _t333 - 0x4f, _t81, _t298);
                                                				if (_t176 == 0) goto 0xaf661d;
                                                				E00007FF67FF600AF6160(_t339);
                                                				E00007FF67FF600AE8E1C(_t206 | _t189 | _t189 | _t189 | _t190 | _t190 | _t191 | _t192 | _t193 | _t194 | _t195 | _t196 | _t197 | _t198 | _t199 | _t200 | _t201 | _t202 | _t203 | _t204 | _t205, _t339);
                                                				E00007FF67FF600AE8E1C(_t206 | _t189 | _t189 | _t189 | _t190 | _t190 | _t191 | _t192 | _t193 | _t194 | _t195 | _t196 | _t197 | _t198 | _t199 | _t200 | _t201 | _t202 | _t203 | _t204 | _t205, _t335);
                                                				_t275 = _t341;
                                                				E00007FF67FF600AE8E1C(_t206 | _t189 | _t189 | _t189 | _t190 | _t190 | _t191 | _t192 | _t193 | _t194 | _t195 | _t196 | _t197 | _t198 | _t199 | _t200 | _t201 | _t202 | _t203 | _t204 | _t205, _t275);
                                                				 *((intOrPtr*)(_t275 - 0x75)) =  *((intOrPtr*)(_t275 - 0x75)) + _t156;
                                                				 *0x0FC08402 =  *((intOrPtr*)(0xfc08402)) + _t156;
                                                				asm("rol byte [eax+0x167709f9], 1");
                                                				 *0x00000000 = _t156;
                                                				r13d = 1;
                                                				_t295 =  &(0[_t337]);
                                                				_t153 =  *_t295;
                                                				if (_t153 != 0) goto 0xaf662b;
                                                				goto 0xaf66d5;
                                                				if (_t153 != 0x3b) goto 0xaf6635;
                                                				_t331 = _t295;
                                                				_t157 = _t331[1];
                                                				 *_t331 = _t157;
                                                				if (_t157 != 0) goto 0xaf6650;
                                                				r13d = 1;
                                                				goto 0xaf663e;
                                                				asm("movups [esi], xmm0");
                                                				asm("movups xmm1, [eax+0x10]");
                                                				asm("inc ecx");
                                                				asm("movups xmm0, [eax+0x20]");
                                                				asm("inc ecx");
                                                				asm("movups xmm1, [eax+0x30]");
                                                				asm("inc ecx");
                                                				asm("movups xmm0, [eax+0x40]");
                                                				asm("inc ecx");
                                                				asm("movups xmm1, [eax+0x50]");
                                                				asm("inc ecx");
                                                				asm("movups xmm0, [eax+0x60]");
                                                				asm("inc ecx");
                                                				asm("movups xmm0, [eax+0x70]");
                                                				asm("inc ecx");
                                                				asm("movups xmm1, [eax+edx]");
                                                				asm("inc ecx");
                                                				 *((long long*)(_t339 + 0x4100100f00000090)) =  *((intOrPtr*)(0x4100900500b30700));
                                                				goto 0xaf66d5;
                                                				r13d = 1;
                                                				 *_t339 =  *((intOrPtr*)( *((intOrPtr*)(_t302 + 0xf8))));
                                                				 *((long long*)(_t339 + 8)) =  *((intOrPtr*)( *((intOrPtr*)(_t302 + 0xf8)) + 8));
                                                				 *((long long*)(_t339 + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(_t302 + 0xf8)) + 0x10));
                                                				 *((long long*)(_t339 + 0x58)) =  *((intOrPtr*)( *((intOrPtr*)(_t302 + 0xf8)) + 0x58));
                                                				 *((long long*)(_t339 + 0x60)) =  *((intOrPtr*)( *((intOrPtr*)(_t302 + 0xf8)) + 0x60));
                                                				 *_t335 = r13d;
                                                				if (_t341 == 0) goto 0xaf672a;
                                                				 *_t341 = r13d;
                                                				_t216 =  *((intOrPtr*)(_t302 + 0xf0));
                                                				if (_t216 == 0) goto 0xaf6739;
                                                				asm("lock dec dword [eax]");
                                                				if ( *((intOrPtr*)(_t302 + 0xe0)) == 0) goto 0xaf6769;
                                                				asm("lock xadd [ecx], eax");
                                                				if ((_t216 | 0xffffffff) != 1) goto 0xaf6769;
                                                				E00007FF67FF600AE8E1C(_t216 | 0xffffffff,  *((intOrPtr*)(_t302 + 0xf8)));
                                                				_t155 = E00007FF67FF600AE8E1C(_t216 | 0xffffffff,  *((intOrPtr*)(_t302 + 0xe0)));
                                                				 *((long long*)(_t302 + 0xf0)) = _t341;
                                                				 *((long long*)(_t302 + 0xe0)) = _t335;
                                                				 *((long long*)(_t302 + 0xf8)) = _t339;
                                                				return _t155;
                                                			}





























                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f7f81acae8a198aa35ebebd5085763c7b4b17ddc8bffbdb26e5f2c5696e63933
                                                • Instruction ID: b301c570f389d70e784ec9d26c5a0cf32738188ee05b465795e2b572cbd761e0
                                                • Opcode Fuzzy Hash: f7f81acae8a198aa35ebebd5085763c7b4b17ddc8bffbdb26e5f2c5696e63933
                                                • Instruction Fuzzy Hash: 4AE1A132A08B8295E720DB61E4416FE37A8FB95788F114635DF9D9379AEF39D254C300
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 68%
                                                			E00007FF67FF600ADD110(void* __ecx, void* __rax, signed int* __rcx, long long __rdx, signed int __r10, long long __r13, signed int _a8, long long _a16, signed int _a24, void* _a32) {
                                                				long long _v64;
                                                				char _v532;
                                                				long long _v536;
                                                				long long _v544;
                                                				long long _v552;
                                                				long long _v556;
                                                				long long _v560;
                                                				long long _v568;
                                                				void* __rbx;
                                                				void* __rsi;
                                                				void* _t111;
                                                				void* _t114;
                                                				signed int _t116;
                                                				signed int _t123;
                                                				signed int _t130;
                                                				signed char _t134;
                                                				void* _t139;
                                                				signed int _t140;
                                                				signed int _t155;
                                                				void* _t172;
                                                				signed long long _t180;
                                                				intOrPtr _t195;
                                                				signed long long _t203;
                                                				signed long long _t205;
                                                				signed long long _t211;
                                                				signed int* _t218;
                                                				signed long long _t220;
                                                				signed long long _t238;
                                                				signed int _t245;
                                                				signed long long _t255;
                                                				signed long long _t256;
                                                				intOrPtr _t257;
                                                				char* _t272;
                                                				intOrPtr _t275;
                                                				signed long long _t276;
                                                				void* _t282;
                                                				signed long long _t284;
                                                				signed long long _t285;
                                                				signed long long _t295;
                                                				signed long long _t299;
                                                				signed long long _t308;
                                                
                                                				_a16 = __rdx;
                                                				r10d =  *__rcx;
                                                				if (r10d == 0) goto 0xadd525;
                                                				_t257 =  *((intOrPtr*)(__rdx));
                                                				if (_t257 == 0) goto 0xadd525;
                                                				r10d = r10d - 1;
                                                				_t2 = _t257 - 1; // 0x435
                                                				_t180 = _t2;
                                                				if (_t180 != 0) goto 0xadd232;
                                                				r12d =  *(__rdx + 4);
                                                				if (r12d != 1) goto 0xadd182;
                                                				_t218 =  &(__rcx[1]);
                                                				 *__rcx = 0;
                                                				r9d = 0;
                                                				_v536 = 0;
                                                				 *((intOrPtr*)(__rcx[1] + 0x3a5e9c3)) =  *((intOrPtr*)(__rcx[1] + 0x3a5e9c3)) + __ecx;
                                                				 *_t180 =  *_t180 + _t111;
                                                				if (r10d != 0) goto 0xadd1bd;
                                                				 *_t218 = 0;
                                                				r9d = 0;
                                                				_v536 = 0;
                                                				 *(_t218[1]) =  *(_t218[1]) + sil;
                                                				asm("ror byte [ebx-0xb08be3d], cl");
                                                				__rcx[1] = 0x1cc;
                                                				bpl = 0x1cc != 0;
                                                				 *__rcx = 0;
                                                				goto 0xadd527;
                                                				r15d = 0xffffffff;
                                                				if (r10d == r15d) goto 0xadd1f6;
                                                				_t220 = _t299;
                                                				r10d = r10d + r15d;
                                                				_t260 = (0 << 0x20) + (_t180 | 0 << 0x00000020);
                                                				if (r10d != r15d) goto 0xadd1d1;
                                                				r9d = 0;
                                                				_v536 = 0;
                                                				_t272 =  &_v532;
                                                				 *__rcx = 0;
                                                				_t114 = E00007FF67FF600AE1F6C(_t180 | 0 << 0x00000020, _t218[1], _t220, 0x1cc, __rcx, _t272, _t282);
                                                				__rcx[1] = r14d;
                                                				__rcx[2] = 0 >> 0x20;
                                                				bpl = 0 >> 0x20 != 0;
                                                				 *__rcx = 1;
                                                				goto 0xadd527;
                                                				if (_t114 - r10d > 0) goto 0xadd525;
                                                				r8d = r10d;
                                                				_t245 = r10d;
                                                				r8d = r8d - _t114;
                                                				r9d = r10d;
                                                				_t211 = r8d;
                                                				if (_t245 - _t211 < 0) goto 0xadd298;
                                                				_t295 = 0 - _t211 * 4 - __rcx;
                                                				if ( *((intOrPtr*)(_t295 + (0 >> 0x20))) != _t114) goto 0xadd281;
                                                				r9d = r9d - 1;
                                                				if (_t245 - 1 - _t211 >= 0) goto 0xadd268;
                                                				goto 0xadd298;
                                                				_t116 = r9d - r8d;
                                                				if ( *((intOrPtr*)(0 + 4 + _t116 * 4)) - __ecx >= 0) goto 0xadd29b;
                                                				r8d = r8d + 1;
                                                				_t155 = r8d;
                                                				if (_t155 == 0) goto 0xadd525;
                                                				_t34 = _t260 - 1; // 0x435
                                                				 *((char*)(_t282 - 0x75)) =  *((char*)(_t282 - 0x75)) + 1;
                                                				asm("insb");
                                                				_t37 =  *((intOrPtr*)(__rcx + 4 + r9d * 4)) + _t34 * 2;
                                                				 *_t37 = _t116 + 0x8d;
                                                				asm("bsr eax, ecx");
                                                				_a8 = 1;
                                                				if (_t155 == 0) goto 0xadd2d1;
                                                				r11d = 0x1f;
                                                				r11d = r11d -  *_t37;
                                                				goto 0xadd2d4;
                                                				r11d = _t130;
                                                				_a24 = r11d;
                                                				_v568 = 0x20;
                                                				if (r11d == 0) goto 0xadd31f;
                                                				_t134 = r11d;
                                                				r9d =  *(__rcx + 4 + __r10 * 4) % _t220;
                                                				r9d = r9d | r9d;
                                                				_a8 = 1;
                                                				if (0 << 0x20 - 2 <= 0) goto 0xadd31f;
                                                				_t44 = _t260 - 3; // 0x433
                                                				_a8 = 1 << _t134 | _t44 >> _t134;
                                                				r14d = _t272 - 1;
                                                				r12d = _t140;
                                                				if (r14d < 0) goto 0xadd4f0;
                                                				r15d = 0xffffffff;
                                                				_v64 = __r13;
                                                				r13d = 0xbadbad;
                                                				_v544 = 0x20;
                                                				_v552 = 0x20;
                                                				if (r13d - r10d > 0) goto 0xadd35e;
                                                				goto 0xadd360;
                                                				_a32 = 0;
                                                				r11d = __rcx[0x64c8b4500000021];
                                                				_v560 = __rcx[0x64c8b4500000021];
                                                				_v556 = 0;
                                                				if (_a24 == 0) goto 0xadd3c0;
                                                				r8d = r11d;
                                                				r11d = r11d << _t134;
                                                				if (r13d - 3 < 0) goto 0xadd3c5;
                                                				_t123 = __r13 - 3;
                                                				r11d = r11d | _t123;
                                                				goto 0xadd3c5;
                                                				_t275 = _v560;
                                                				_t195 = _t275;
                                                				r8d = _t123 % 0x20;
                                                				if (_t195 - _t308 <= 0) goto 0xadd3ef;
                                                				_t284 = _t308;
                                                				_t276 = _t275 + (0x1 + _t195) * 0x20;
                                                				if (_t276 - _t308 > 0) goto 0xadd41e;
                                                				if (_a8 * _t284 - (_t276 << 0x00000020 | _t295) <= 0) goto 0xadd41e;
                                                				_t285 = _t284 - 1;
                                                				if (_t276 + 0x20 - _t308 <= 0) goto 0xadd401;
                                                				if (_t285 == 0) goto 0xadd4d1;
                                                				r11d = _t140;
                                                				if (0 << 0x20 == 0) goto 0xadd47f;
                                                				_t203 =  *(_a16 + 4) * _t285;
                                                				r8d = r10d;
                                                				_t290 = 0 + _t203 >> 0x20;
                                                				_t292 =  >=  ? 0 + _t203 >> 0x20 : _t290 + 1;
                                                				r11d = r11d + 1;
                                                				if (r11d - _t139 < 0) goto 0xadd440;
                                                				_t205 = _a32;
                                                				if (_t205 - ( >=  ? 0 + _t203 >> 0x20 : _t290 + 1) >= 0) goto 0xadd4cd;
                                                				r10d = _t140;
                                                				if ((0 << 0x20) + (_t180 | 0 << 0x00000020) == 0) goto 0xadd4ca;
                                                				r10d = r10d + 1;
                                                				_t255 =  &(__rcx[_t205]);
                                                				 *(_t255 + 4) = r8d;
                                                				_t172 = r10d - _t139;
                                                				if (_t172 < 0) goto 0xadd4a1;
                                                				r10d = __r13 - 1;
                                                				r13d = r13d - 1;
                                                				r14d = r14d - 1;
                                                				if (_t172 >= 0) goto 0xadd352;
                                                				_t238 = _t255;
                                                				if (_t255 -  *__rcx >= 0) goto 0xadd50c;
                                                				asm("o16 nop [eax+eax]");
                                                				 *((long long*)(__rcx + 4 + _t238 * 4)) = 0;
                                                				if (_t238 + 1 -  *__rcx < 0) goto 0xadd500;
                                                				 *__rcx = _t255;
                                                				if (_t255 == 0) goto 0xadd520;
                                                				_t256 = _t255 - 1;
                                                				if ( *((intOrPtr*)(__rcx + 4 + _t256 * 4)) != 0) goto 0xadd520;
                                                				 *__rcx = _t256;
                                                				if (_t256 != 0) goto 0xadd512;
                                                				goto 0xadd527;
                                                				return r9d;
                                                			}


                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8ec47042a0514bd8a5d3c659f1802ce2560f1b1fbb497f3c8ff6184d9a2edbef
                                                • Instruction ID: fb12c54b23b102cc6e51e212c1a2f14b64a0f8d4957ae3eef7644568fa6530ad
                                                • Opcode Fuzzy Hash: 8ec47042a0514bd8a5d3c659f1802ce2560f1b1fbb497f3c8ff6184d9a2edbef
                                                • Instruction Fuzzy Hash: D4C1A173B1828697DB24CF19A144A6AB7A1F794788F64813ADF4B87749DF3CE805CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 90%
                                                			E00007FF67FF600ADABC8(void* __ecx, intOrPtr __edx, void* __rax, long long __rbx, void* __rcx, void* __r11, signed int _a8, long long _a16, long long _a24, intOrPtr* _a40) {
                                                				signed long long _v72;
                                                				signed char _t59;
                                                				signed int _t63;
                                                				signed char _t68;
                                                				void* _t75;
                                                				signed long long _t127;
                                                				signed long long _t128;
                                                				unsigned long long _t147;
                                                				unsigned long long _t150;
                                                				signed long long _t162;
                                                				signed long long _t164;
                                                				signed long long _t166;
                                                				long long _t179;
                                                				signed long long _t180;
                                                				void* _t183;
                                                				signed long long _t184;
                                                				signed long long _t190;
                                                				signed int* _t194;
                                                				signed long long _t201;
                                                				signed long long _t203;
                                                				void* _t206;
                                                				intOrPtr* _t208;
                                                				intOrPtr* _t209;
                                                
                                                				_a24 = __rbx;
                                                				_a16 = _t179;
                                                				_a8 = _a8 & 0x00000000;
                                                				r10b = r9b;
                                                				r11d = __edx;
                                                				_t75 = __rcx - 0xffffffff;
                                                				if (_t75 <= 0) goto 0xadac13;
                                                				asm("bsr ecx, eax");
                                                				if (_t75 == 0) goto 0xadac0c;
                                                				goto 0xadac0e;
                                                				goto 0xadac1e;
                                                				asm("bsr ecx, ebx");
                                                				if (_t75 == 0) goto 0xadac1c;
                                                				goto 0xadac1e;
                                                				asm("inc ebp");
                                                				r14d = r14d & 0x0000001d;
                                                				r14d = r14d + 0x18;
                                                				r14d = r14d - __ecx;
                                                				asm("inc ebp");
                                                				r8d = r8d & 0x00000380;
                                                				r8d = r8d + 0x7f;
                                                				if (r11d - r14d - r8d > 0) goto 0xadaeb4;
                                                				asm("sbb ecx, ecx");
                                                				if (_t180 - 0xffffffffffffff82 >= 0) goto 0xadadc8;
                                                				r9d = __r11 - 1;
                                                				r9d = r9d + r8d;
                                                				_a8 = r9d;
                                                				if (r9d >= 0) goto 0xadadc0;
                                                				r13d = r9d;
                                                				if (0x1 - 0x40 < 0) goto 0xadacb0;
                                                				goto 0xadad6d;
                                                				_v72 = 0x00000001 << r13d & 0;
                                                				if (r10b == 0) goto 0xadace3;
                                                				if (0 != 0) goto 0xadace3;
                                                				r15b = 0;
                                                				goto 0xadace6;
                                                				r15b = bpl;
                                                				if (0x1 != 0) goto 0xadacf0;
                                                				if (r15b == 0) goto 0xadad49;
                                                				E00007FF67FF600AF0820(r15b);
                                                				if (0x1 == 0) goto 0xadad1e;
                                                				if (0x1 == 0x100) goto 0xadad19;
                                                				r9d = _a8;
                                                				r11d = _a16;
                                                				if ((0x1 << _t203 - 1) - 1 != 0x200) goto 0xadad49;
                                                				goto 0xadad4b;
                                                				goto 0xadad33;
                                                				if (0 == 0) goto 0xadad3f;
                                                				if (r15b != 0) goto 0xadad30;
                                                				if (_v72 == 0) goto 0xadad3f;
                                                				r9d = _a8;
                                                				r11d = _a16;
                                                				goto 0xadad4b;
                                                				r9d = _a8;
                                                				r11d = _a16;
                                                				_t208 = _a40;
                                                				_t59 = r13d;
                                                				_t147 = 0 >> _t59;
                                                				if (_t147 != 0) goto 0xadad96;
                                                				_t162 =  *_t208;
                                                				if ( *((intOrPtr*)(_t208 + 8)) == 0) goto 0xadad85;
                                                				 *_t162 = _t184 << 0x3f;
                                                				goto 0xadad8c;
                                                				 *_t162 = _t184 << 0x1f;
                                                				 *((intOrPtr*)(_t179 + 0x48d8f6c2)) =  *((intOrPtr*)(_t179 + 0x48d8f6c2)) + _t59;
                                                				asm("sbb ecx, ecx");
                                                				_t164 = (_t162 & 0xff800000) + 0x7fffff;
                                                				if (_t147 - _t164 <= 0) goto 0xadaef0;
                                                				goto 0xadaef0;
                                                				goto 0xadaeed;
                                                				if (r14d >= 0) goto 0xadaee8;
                                                				r14d =  ~r14d;
                                                				if (r14d - 0x40 < 0) goto 0xadade1;
                                                				goto 0xadae7c;
                                                				_t24 = _t206 - 1; // -25
                                                				_t127 = 0x1 << _t24;
                                                				_t201 = _t127 & 0;
                                                				if (r10b == 0) goto 0xadae13;
                                                				_t128 = _t127 - 1;
                                                				if ((0 & _t128) != 0) goto 0xadae13;
                                                				r15b = 0;
                                                				goto 0xadae16;
                                                				r15b = bpl;
                                                				if (_t201 != 0) goto 0xadae20;
                                                				if (r15b == 0) goto 0xadae58;
                                                				E00007FF67FF600AF0820(r15b);
                                                				if (_t128 == 0) goto 0xadae44;
                                                				if (_t128 == 0x100) goto 0xadae3f;
                                                				if (_t128 != 0x200) goto 0xadae58;
                                                				goto 0xadae5a;
                                                				goto 0xadae5a;
                                                				if (_t201 == 0) goto 0xadae58;
                                                				if (r15b != 0) goto 0xadae53;
                                                				if ((_t203 << r9d & 0) == 0) goto 0xadae58;
                                                				goto 0xadae5a;
                                                				_t209 = _a40;
                                                				_t150 = 0 >> r14d;
                                                				_t68 =  *((intOrPtr*)(_t209 + 8));
                                                				asm("dec eax");
                                                				_t166 = (_t164 & 0xff000000) + 0xffffff;
                                                				if (_t150 - _t166 <= 0) goto 0xadaef0;
                                                				_t183 =  ~_t180 - 0x1 + 1;
                                                				asm("sbb ecx, ecx");
                                                				if (_t183 - (_t166 & 0x00000380) + 0x7f <= 0) goto 0xadaef0;
                                                				_t190 =  *_t209;
                                                				if (_t68 == 0) goto 0xadaed4;
                                                				 *_t190 = _t184 << 0x0000003f | 0x00000000;
                                                				goto 0xadaee1;
                                                				 *_t190 =  ~_t68;
                                                				_t63 = r14d;
                                                				_t194 =  *_t209;
                                                				asm("dec ebp");
                                                				if (_t68 == 0) goto 0xadaf2d;
                                                				 *_t194 = (_t183 + 0x000003ff & 0x000007ff | _t184 << 0x0000000b) << 0x00000034 | (_t190 & 0xff800000) + 0x007fffff & _t150 >> 0x00000001 << _t63;
                                                				goto 0xadaf4d;
                                                				r8d = r8d & 0x007fffff;
                                                				 *_t194 = _t63 | r8d;
                                                				return  ~_t68;
                                                 			}

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                 • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: de5b76ba340da230ded5f492906b1ffc164289fa5adba41333a3af1922aca6e7
                                                • Instruction ID: dbeff900c1e5658216109d11156bc0023ea7f6f0c88b95abcda4a22d40e489d8
                                                • Opcode Fuzzy Hash: de5b76ba340da230ded5f492906b1ffc164289fa5adba41333a3af1922aca6e7
                                                • Instruction Fuzzy Hash: 4A915927B286525AFA254E25A0103B93781AF74794F34053ADE5FC7BCADD3CE905D701
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 69%
                                                			E00007FF67FF600AF7C04(signed char __ecx, void* __edx, void* __eflags, long long __rbx, void* __rcx, void* __rdx, long long __rbp, void* __r9, long long _a16, long long _a24) {
                                                				void* _v24;
                                                				signed long long _v40;
                                                				char _v168;
                                                				void* __rsi;
                                                				void* _t80;
                                                				void* _t81;
                                                				signed char _t83;
                                                				void* _t84;
                                                				void* _t87;
                                                				void* _t88;
                                                				signed long long _t98;
                                                				signed long long _t122;
                                                				signed long long _t123;
                                                				signed long long _t126;
                                                				signed long long _t129;
                                                				signed long long _t130;
                                                				signed long long _t133;
                                                				intOrPtr* _t139;
                                                				signed long long _t157;
                                                				signed long long _t179;
                                                				signed long long _t180;
                                                				signed long long _t181;
                                                				signed long long _t182;
                                                				void* _t184;
                                                				void* _t188;
                                                				signed long long _t189;
                                                				char* _t191;
                                                				signed short* _t205;
                                                				void* _t208;
                                                
                                                				_t88 = __eflags;
                                                				_t84 = __edx;
                                                				_t83 = __ecx;
                                                				_a16 = __rbx;
                                                				_a24 = __rbp;
                                                				_t189 = _t188 - 0xc0;
                                                				_t122 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_t123 = _t122 ^ _t189;
                                                				_v40 = _t123;
                                                				_t184 = __rcx;
                                                				E00007FF67FF600AEA310(_t123, __rbx, __rcx, __rdx, __rcx, __r9);
                                                				r9d = 0x40;
                                                				_t191 =  &_v168;
                                                				_t5 = _t123 + 0x98; // 0x98
                                                				_t139 = _t5;
                                                				asm("sbb edx, edx");
                                                				E00007FF67FF600AED2B4(_t84, _t88, _t123, _t139, _t184, _t184, __rbp, _t191);
                                                				if (_t123 != 0) goto 0xaf7c73;
                                                				 *(_t139 + 0x10) = 0;
                                                				 *0x23EE8FFFFFF8C =  *((intOrPtr*)(0x23ee8ffffff8c)) + _t83;
                                                				 *(_t191 - 0x73) =  *(_t191 - 0x73) | _t83;
                                                				_push(_t189);
                                                				E00007FF67FF600ACE450(0x1, _t184);
                                                				_t180 = _t179 | 0xffffffff;
                                                				r13d = _t180 + 0x56;
                                                				if (0x1 != 0) goto 0xaf7d3a;
                                                				r9d = _t180 + 0x41;
                                                				_t126 =  ~( *(_t139 + 0x18));
                                                				asm("sbb edx, edx");
                                                				E00007FF67FF600AED2B4(_t84, 0x1, _t126, _t139, _t184, _t184, 0, _t189 + 0x30);
                                                				if (_t126 == 0) goto 0xaf7c66;
                                                				E00007FF67FF600ACE450(_t126,  *_t139);
                                                				if (_t126 != 0) goto 0xaf7ce5;
                                                				 *(_t139 + 0x10) =  *(_t139 + 0x10) | 0x00000304;
                                                				if ( *((intOrPtr*)(_t184 + (_t180 + 1) * 2)) != _t87) goto 0xaf7cd9;
                                                				goto 0xaf7d1d;
                                                				if ((_t83 & 0x00000002) != 0) goto 0xaf7d3a;
                                                				if ( *((intOrPtr*)(_t139 + 0x14)) == 0) goto 0xaf7dc3;
                                                				E00007FF67FF600B0109C(_t126,  *_t139);
                                                				if (_t126 != 0) goto 0xaf7dc3;
                                                				 *(_t139 + 0x10) =  *(_t139 + 0x10) | 0x00000002;
                                                				if ( *((intOrPtr*)(_t184 + (_t180 + 1) * 2)) != _t87) goto 0xaf7d13;
                                                				_t30 = _t139 + 0x258; // 0x2f0
                                                				E00007FF67FF600AF0A34(_t126, _t139, _t30, _t208, _t184, _t180 + 2);
                                                				_t98 = _t126;
                                                				if (_t98 != 0) goto 0xaf7ed9;
                                                				if (_t98 == 0) goto 0xaf7ea6;
                                                				_t129 =  ~( *(_t139 + 0x18));
                                                				r9d = 0x40;
                                                				asm("sbb edx, edx");
                                                				E00007FF67FF600AED2B4(_t84, _t98, _t129, _t139, _t184, _t184, 0, _t189 + 0x30);
                                                				if (_t129 == 0) goto 0xaf7c66;
                                                				E00007FF67FF600ACE450(_t129,  *_t139);
                                                				if (_t129 != 0) goto 0xaf7ea6;
                                                				_t130 =  *(_t139 + 0x10);
                                                				asm("bts eax, 0x9");
                                                				 *(_t139 + 0x10) = _t130;
                                                				if ( *(_t139 + 0x18) == 0) goto 0xaf7df3;
                                                				asm("bts eax, 0x8");
                                                				_t38 = _t139 + 0x258; // 0x2f0
                                                				 *(_t139 + 0x10) = _t130;
                                                				if ( *_t38 != _t87) goto 0xaf7ea6;
                                                				_t181 = _t180 + 1;
                                                				if ( *((intOrPtr*)(_t184 + _t181 * 2)) != _t87) goto 0xaf7db5;
                                                				goto 0xaf7e93;
                                                				if (( *(_t139 + 0x10) & 0x00000001) != 0) goto 0xaf7d3a;
                                                				E00007FF67FF600AF80A8(_t83,  *(_t139 + 0x10) & 0x00000001, _t184, _t189 + 0x30, _t184, 0, _t180 + 2);
                                                				if (_t130 == 0) goto 0xaf7d3a;
                                                				 *(_t139 + 0x10) =  *(_t139 + 0x10) | 0x00000001;
                                                				if ( *((intOrPtr*)(_t184 + (_t181 + 1) * 2)) != _t87) goto 0xaf7de4;
                                                				goto 0xaf7d1d;
                                                				if ( *((intOrPtr*)(_t139 + 0x14)) == 0) goto 0xaf7e77;
                                                				_t157 = _t181 + 1;
                                                				if ( *((intOrPtr*)( *_t139 + _t157 * 2)) != _t87) goto 0xaf7dfe;
                                                				if (_t157 !=  *((intOrPtr*)(_t139 + 0x14))) goto 0xaf7e77;
                                                				_t80 = E00007FF67FF600AF80A8(_t83, _t157 -  *((intOrPtr*)(_t139 + 0x14)), _t184,  *_t139, _t184, 0, _t181 + 1);
                                                				if (_t130 != 0) goto 0xaf7e5b;
                                                				_t205 =  *_t139;
                                                				r8d = _t87;
                                                				if (_t205 == 0) goto 0xaf7e49;
                                                				if (_t80 - 0x19 <= 0) goto 0xaf7e41;
                                                				if (( *_t205 & 0x0000ffff) - 0x61 - 0x19 > 0) goto 0xaf7e49;
                                                				r8d = r8d + 1;
                                                				goto 0xaf7e2a;
                                                				_t133 = _t181 + 1;
                                                				if (_t205[_t133] != _t87) goto 0xaf7e4c;
                                                				if (r8d == _t80) goto 0xaf7ea6;
                                                				asm("bts dword [ebx+0x10], 0x8");
                                                				_t56 = _t139 + 0x258; // 0x2f0
                                                				if ( *_t56 != _t87) goto 0xaf7ea6;
                                                				_t182 = _t181 + 1;
                                                				if ( *((intOrPtr*)(_t184 + _t182 * 2)) != _t87) goto 0xaf7e6c;
                                                				goto 0xaf7e93;
                                                				asm("bts eax, 0x8");
                                                				_t59 = _t139 + 0x258; // 0x2f0
                                                				 *(_t139 + 0x10) = _t133;
                                                				if ( *_t59 != _t87) goto 0xaf7ea6;
                                                				if ( *((intOrPtr*)(_t184 + (_t182 + 1) * 2)) != _t87) goto 0xaf7e8a;
                                                				_t81 = E00007FF67FF600AF0A34(_t133, _t139, _t59, _t208, _t184, _t182 + 2);
                                                				if (_t133 != 0) goto 0xaf7ed9;
                                                				return E00007FF67FF600AA5980(_t81, _t83,  *(_t189 + 0xb0) ^ _t189);
                                                 			}
                                                0x7ff600af7e9d
                                                0x7ff600af7ea4
                                                0x7ff600af7ed8

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$CurrentFeatureInfoLocalePresentProcessProcessor
                                                • String ID:
                                                • API String ID: 290369676-0
                                                • Opcode ID: 85e1805575c008c67b37a97a1e1050465c34ee7c0bc0e22f11c52a95c1d2edc3
                                                • Instruction ID: 13a240f558d4150ff3eec3063eb1735923bf6df55432b37fd8c45321d152b0aa
                                                • Opcode Fuzzy Hash: 85e1805575c008c67b37a97a1e1050465c34ee7c0bc0e22f11c52a95c1d2edc3
                                                • Instruction Fuzzy Hash: 65B1D333A1C646A2EB649F61D411ABD33A5EB94B88F604536DA4AC37CEDF3CE941C740
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 69%
                                                			E00007FF67FF600ADDB50(signed long long* __rcx, intOrPtr* __rdx, void* __r9, signed int __r11, long long __r12, long long __r13, signed int __r14, long long __r15) {
                                                				void* __rbx;
                                                				void* __rsi;
                                                				signed long long _t101;
                                                				signed long long _t107;
                                                				signed long long _t138;
                                                				signed long long _t140;
                                                				signed long long _t141;
                                                				signed long long _t142;
                                                				signed long long _t143;
                                                				signed long long _t144;
                                                				void* _t145;
                                                				signed long long _t147;
                                                				signed long long _t153;
                                                				signed long long* _t154;
                                                				signed long long _t156;
                                                				signed long long _t157;
                                                				signed long long _t159;
                                                				signed long long _t162;
                                                				void* _t185;
                                                				void* _t186;
                                                				signed long long _t187;
                                                				signed long long _t200;
                                                				signed long long _t203;
                                                				signed long long* _t211;
                                                
                                                				_t206 = __r9;
                                                				_t185 = _t186 - 0x2f8;
                                                				_t187 = _t186 - 0x3f8;
                                                				_t138 =  *0xb2fde8; // 0xc4f55cf73642
                                                				 *(_t185 + 0x2d0) = _t138 ^ _t187;
                                                				if ( *__rdx - 1 > 0) goto 0xaddc34;
                                                				_t140 =  *((intOrPtr*)(__rdx + 4));
                                                				if (_t140 != 0) goto 0xaddbb3;
                                                				r9d = 0;
                                                				 *(_t185 + 0x100) = r9d;
                                                				asm("rol byte [ebx], 0x0");
                                                				goto 0xaddebf;
                                                				if (_t140 == 1) goto 0xaddbac;
                                                				r11d =  *__rcx;
                                                				if (r11d == 0) goto 0xaddbac;
                                                				r9d = 0;
                                                				_t147 =  &(__rcx[0]);
                                                				r8d = r9d;
                                                				r10d = r9d;
                                                				r10d = r10d + 1;
                                                				 *(_t147 + _t140 * 4) =  *(_t147 + _t140 * 4) * _t140 + _t140;
                                                				if (r10d != r11d) goto 0xaddbd0;
                                                				if (r8d == 0) goto 0xaddbac;
                                                				_t141 =  *__rcx;
                                                				if (_t141 - 0x73 >= 0) goto 0xaddc0f;
                                                				 *(__rcx + 4 + _t141 * 4) = r8d;
                                                				 *__rcx =  *__rcx + 1;
                                                				goto 0xaddebf;
                                                				 *(_t185 + 0x100) = r9d;
                                                				_t153 = _t147;
                                                				E00007FF67FF600AE1F6C(_t141, _t147, _t153, 0x1cc, __rcx, _t185 + 0x104, __r9);
                                                				goto 0xaddebf;
                                                				 *((long long*)(_t187 + 0x430)) = __r12;
                                                				_t211 =  &(__rcx[0]);
                                                				 *((long long*)(_t187 + 0x3e0)) = __r15;
                                                				r15d =  *__rcx;
                                                				if (r15d - 1 > 0) goto 0xaddd25;
                                                				 *__rcx = _t153;
                                                				_t154 = _t211;
                                                				r9d =  *0x1cc;
                                                				E00007FF67FF600AE1F6C(_t141, _t147, _t154, 0x1cc, __rcx, 0x480e8944000001d0, __r9);
                                                				if (_t147 != 0) goto 0xaddc9f;
                                                				r9d = 0;
                                                				 *_t141 =  *_t141 + _t141;
                                                				 *((intOrPtr*)(_t154 - 0x75)) =  *((intOrPtr*)(_t154 - 0x75)) + _t101;
                                                				asm("int3");
                                                				 *__rcx = r9d;
                                                				E00007FF67FF600AE1F6C(_t141, _t147, _t154, 0x1cc, __rcx, _t185 + 0x104, __r9);
                                                				goto 0xaddeaf;
                                                				if (_t147 == 1) goto 0xaddc98;
                                                				r11d =  *__rcx;
                                                				if (r11d == 0) goto 0xaddc98;
                                                				r9d = 0;
                                                				r8d = r9d;
                                                				r10d = r9d;
                                                				asm("o16 nop [eax+eax]");
                                                				r10d = r10d + 1;
                                                				 *((long long*)(_t211 + _t141 * 4)) = 0x1cc * _t147 + _t141;
                                                				if (r10d != r11d) goto 0xaddcc0;
                                                				if (r8d == 0) goto 0xaddc98;
                                                				_t142 =  *__rcx;
                                                				if (_t142 - 0x73 >= 0) goto 0xaddd00;
                                                				 *(__rcx + 4 + _t142 * 4) = r8d;
                                                				 *__rcx =  *__rcx + 1;
                                                				goto 0xaddeaf;
                                                				 *(_t185 + 0x100) = r9d;
                                                				_t156 = _t187;
                                                				E00007FF67FF600AE1F6C(_t142, _t147, _t156, 0x1cc, __rcx, _t185 + 0x104, _t206);
                                                				goto 0xaddeaf;
                                                				 *((long long*)(_t187 + 0x3f0)) = __r13;
                                                				r11d = _t101;
                                                				 *((long long*)(_t187 + 0x3e8)) = __r14;
                                                				_t199 =  >=  ? __rcx : 0x1cc;
                                                				_t200 = ( >=  ? __rcx : 0x1cc) + 4;
                                                				 *(_t187 + 0x28) = _t200;
                                                				r11d =  >=  ? r15d : r11d;
                                                				_t215 =  >=  ? 0x1cc : __rcx;
                                                				r15d =  >=  ? _t101 : r15d;
                                                				 *(_t187 + 0x20) = r11d;
                                                				r9d = 0;
                                                				 *(_t185 + 0x100) = _t156;
                                                				if (r11d == 0) goto 0xadde80;
                                                				asm("o16 nop [eax+eax]");
                                                				_t143 = _t147;
                                                				r14d =  *((intOrPtr*)(_t200 + _t143 * 4));
                                                				if (r14d != 0) goto 0xaddda9;
                                                				if (_t147 != _t156) goto 0xadde75;
                                                				_t40 = _t147 + 1; // 0x1
                                                				_t157 = _t40;
                                                				 *(_t185 + 0x104 + _t143 * 4) = r9d;
                                                				 *(_t185 + 0x100) = _t157;
                                                				goto 0xadde75;
                                                				r10d = r9d;
                                                				_t144 = _t147;
                                                				if (r15d == 0) goto 0xadde6b;
                                                				if (_t144 == 0x73) goto 0xadde19;
                                                				r11d = 0;
                                                				if (_t144 != _t157) goto 0xaddddd;
                                                				_t45 = _t144 + 1; // 0x1
                                                				 *(_t185 + 0x104 + __r11 * 4) = r9d;
                                                				 *(_t185 + 0x100) = _t45;
                                                				_t159 =  ~_t147 + _t144;
                                                				_t145 = _t144 + 1;
                                                				r8d =  *(( >=  ? 0x1cc : __rcx) + 4 + _t159 * 4);
                                                				_t203 = _t200 * __r14 + _t159 + _t159;
                                                				 *(_t185 + 0x104 + __r11 * 4) = r8d;
                                                				if ( *(_t185 + 0x104 + __r11 * 4) != r15d) goto 0xadddc0;
                                                				if (r10d == 0) goto 0xadde66;
                                                				if (_t145 == 0x73) goto 0xadde66;
                                                				r8d = 0;
                                                				if (_t145 !=  *(_t185 + 0x100)) goto 0xadde3d;
                                                				_t62 = _t145 + 1; // 0x1
                                                				_t162 = _t62;
                                                				 *(_t185 + 0x104 + _t203 * 4) = r9d;
                                                				 *(_t185 + 0x100) = _t162;
                                                				_t107 =  *(_t185 + 0x104 + _t203 * 4);
                                                				 *(_t185 + 0x104 + _t203 * 4) = _t107;
                                                				r10d = _t107;
                                                				if (0x1cc + _t162 >> 0x20 != 0) goto 0xadde20;
                                                				r11d =  *(_t187 + 0x20);
                                                				if (_t145 + 1 == 0x73) goto 0xaddeda;
                                                				if (r9d != r11d) goto 0xaddd80;
                                                				r9d = r10d;
                                                				 *__rcx =  *(_t185 + 0x100);
                                                				E00007FF67FF600AE1F6C(_t145 + 1, _t147 + 1, _t211, 0x1cc, __rcx, _t185 + 0x104, _t206);
                                                				return E00007FF67FF600AA5980(1, r10d,  *(_t185 + 0x2d0) ^ _t187);
                                                			}


                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 64c02a560365fb73d27b5674fc861cef20bd529188a463e1060470400ac32466
                                                • Instruction ID: 757e35a52ed3046c6af424b0aa2151c0c698f4f70a3899560db45f86e8655add
                                                • Opcode Fuzzy Hash: 64c02a560365fb73d27b5674fc861cef20bd529188a463e1060470400ac32466
                                                • Instruction Fuzzy Hash: 6EA19273A142C29BD7798F15A440BF977A0FB65788F609136DF8A87B49CF38A944C740
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 47%
                                                			E00007FF67FF600AC4C48(long long __rbx, long long __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
                                                				signed int _v40;
                                                				signed long long _v48;
                                                				void* _v52;
                                                				void* _v56;
                                                				void* _v72;
                                                				void* __rdi;
                                                				void* __rsi;
                                                				void* _t74;
                                                				signed char _t76;
                                                				void* _t90;
                                                				signed char _t92;
                                                				void* _t93;
                                                				short _t97;
                                                				short _t98;
                                                				void* _t99;
                                                				void* _t100;
                                                				signed long long _t142;
                                                				signed long long _t144;
                                                				long long _t162;
                                                				long long _t164;
                                                				signed long long _t190;
                                                				void* _t191;
                                                				long long* _t198;
                                                				void* _t200;
                                                				signed long long _t201;
                                                				void* _t203;
                                                				void* _t208;
                                                				signed long long _t211;
                                                
                                                				_t197 = __rbp;
                                                				_t164 = __rcx;
                                                				_t162 = __rbx;
                                                				_a16 = __rbx;
                                                				_a24 = __rbp;
                                                				_t201 = _t200 - 0x40;
                                                				_t142 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_v48 = _t142 ^ _t201;
                                                				_t144 =  *(__rcx + 0x42) & 0x0000ffff;
                                                				asm("outsb");
                                                				asm("loopne 0x46");
                                                				_t100 = _t74 - 0x64;
                                                				if (_t100 > 0) goto 0xac4ceb;
                                                				if (_t100 == 0) goto 0xac4d69;
                                                				if (_t74 == 0x41) goto 0xac4d7c;
                                                				if (_t74 == 0x43) goto 0xac4cd5;
                                                				if (_t74 - 0x44 <= 0) goto 0xac4d85;
                                                				if (_t74 - 0x47 <= 0) goto 0xac4d7c;
                                                				if (_t74 == 0x53) goto 0xac4d25;
                                                				if (_t74 == _t99) goto 0xac4d3a;
                                                				if (_t74 == 0x5a) goto 0xac4ce1;
                                                				if (_t74 == 0x61) goto 0xac4d7c;
                                                				if (_t74 != 0x63) goto 0xac4d85;
                                                				E00007FF67FF600AC8250(__rbx, __rcx, 0x78);
                                                				goto 0xac4d81;
                                                				_t76 = E00007FF67FF600AC62D4(_t92, _t162, __rcx, 0x78);
                                                				goto 0xac4d81;
                                                				if (_t76 - 0x67 <= 0) goto 0xac4d7c;
                                                				if (_t76 == 0x69) goto 0xac4d69;
                                                				if (_t76 == 0x6e) goto 0xac4d62;
                                                				if (_t76 == 0x6f) goto 0xac4d44;
                                                				if (_t76 == 0x70) goto 0xac4d2c;
                                                				if (_t76 == 0x73) goto 0xac4d25;
                                                				if (_t76 == 0x75) goto 0xac4d6d;
                                                				if (_t76 != _t98) goto 0xac4d85;
                                                				 *_t144 =  *_t144 + _t76;
                                                				goto 0xac4d81;
                                                				 *((long long*)(_t164 + 0x38)) = 0x10;
                                                				 *((long long*)(_t164 + 0x3c)) = 0xb;
                                                				r8b = r15b;
                                                				 *(_t162 + 0x5e8c1c1) =  *(_t162 + 0x5e8c1c1) ^ _t92;
                                                				if ((r15b & _t76) == 0) goto 0xac4d58;
                                                				asm("bts ecx, 0x7");
                                                				 *((long long*)(_t162 + 0x30)) = _t164;
                                                				asm("adc al, ch");
                                                				asm("adc [eax], edx");
                                                				asm("sbb [ebx-0x45efcfb7], al");
                                                				 *_t144 =  *_t144 + (_t76 |  *_t144);
                                                				r8d = 0;
                                                				E00007FF67FF600AC9178(_t90 + bpl, _t93, _t97, _t98, r15b & _t76, _t144, _t162, _t164, __rbp, _t203, _t208);
                                                				goto 0xac4d81;
                                                				if (E00007FF67FF600AC7238(_t93, _t98, _t162, _t164, 0x8dd98b4800000001, 0x78, _t197) != 0) goto 0xac4d8c;
                                                				goto 0xac4f15;
                                                				if ( *((long long*)(_t162 + 0x47c)) != 2) goto 0xac4da2;
                                                				if ( *((intOrPtr*)(_t162 + 0x478)) == r15d) goto 0xac4f12;
                                                				if ( *((char*)(_t162 + 0x40)) != 0) goto 0xac4f12;
                                                				_v48 = 0;
                                                				 *((short*)(_t201 + 0x34)) = 0;
                                                				r13d = 0x20;
                                                				if ((r15b & 0) == 0) goto 0xac4dfc;
                                                				if ((r15b & 0) == 0) goto 0xac4dde;
                                                				_v48 = 0;
                                                				goto 0xac4df9;
                                                				if ((r15b & _t92) == 0) goto 0xac4dea;
                                                				if ((r15b & 0) == 0) goto 0xac4dfc;
                                                				_v48 = r13w;
                                                				_t190 = _t211;
                                                				r9d = 0xffdf;
                                                				if ((r9w & 0 - _t99) != 0) goto 0xac4e21;
                                                				if ((r15b & 0) == 0) goto 0xac4e21;
                                                				r8b = r15b;
                                                				goto 0xac4e24;
                                                				r8b = 0;
                                                				r9d = 0x30;
                                                				if (r8b != 0) goto 0xac4e3d;
                                                				if (0 == 0) goto 0xac4e5a;
                                                				 *(_t201 + 0x30 + _t190 * 2) = r9w;
                                                				if (_t93 == _t99) goto 0xac4e4e;
                                                				if (_t93 != 0x41) goto 0xac4e51;
                                                				 *((short*)(_t201 + 0x32 + _t190 * 2)) = _t98;
                                                				_t191 = _t190 + 2;
                                                				if ((_t92 & 0x0000000c) != 0) goto 0xac4e7d;
                                                				r8d = _t98;
                                                				E00007FF67FF600ABC798(r13b, _t162, _t162 + 0x468, _t191,  *((intOrPtr*)(_t162 + 0x34)) -  *((intOrPtr*)(_t162 + 0x50)) - _t191, _t197, _t162 + 0x28);
                                                				_t210 = _t162 + 0x468;
                                                				_t198 = _t162 + 0x28;
                                                				if ((r15b & _t92) == 0) goto 0xac4ea5;
                                                				if ( *((long long*)( *((intOrPtr*)(_t162 + 0x468)) + 8)) != 0) goto 0xac4ea5;
                                                				 *_t198 =  *_t198 + _t191;
                                                				goto 0xac4ec1;
                                                				r8d = _t97;
                                                				 *((long long*)(_t201 + 0x20)) = _t162 + 0x10;
                                                				_t61 =  &_v48; // 0x20
                                                				E00007FF67FF600ACD5A0(_t162, _t162 + 0x468, _t61, _t191,  *((intOrPtr*)(_t162 + 0x34)) -  *((intOrPtr*)(_t162 + 0x50)) - _t191, _t198, _t198);
                                                				if ((r15b & 0) == 0) goto 0xac4ee6;
                                                				if ((r15b & _t92) != 0) goto 0xac4ee6;
                                                				r8d = _t98;
                                                				E00007FF67FF600ABC798(0x30, _t162, _t162 + 0x468, _t191,  *((intOrPtr*)(_t162 + 0x34)) -  *((intOrPtr*)(_t162 + 0x50)) - _t191, _t198, _t198);
                                                				E00007FF67FF600ACCE54(_t162, _t162, _t198);
                                                				if ( *_t198 < 0) goto 0xac4f12;
                                                				if ((r15b & _t92) == 0) goto 0xac4f12;
                                                				r8d = _t98;
                                                				E00007FF67FF600ABC798(r13b, _t162, _t210, _t191,  *((intOrPtr*)(_t162 + 0x34)) -  *((intOrPtr*)(_t162 + 0x50)) - _t191, _t198, _t198);
                                                				return E00007FF67FF600AA5980(r15b, _t92, _v40 ^ _t201);
                                                			}

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 895811fdcd992b7e05637de3808bf65c500627967347dab2bcfd2c66ed036be2
                                                • Instruction ID: b98522f2f1c40c9e21eabb2b7eb9be54a5a758dc3a2f39ea5df4b22cae4a5b8d
                                                • Opcode Fuzzy Hash: 895811fdcd992b7e05637de3808bf65c500627967347dab2bcfd2c66ed036be2
                                                • Instruction Fuzzy Hash: D9812C17E1820366FB75AA158020EB922A0FF48744FA65935DD4EC779FCF2DE846C748
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 46%
                                                			E00007FF67FF600AC4968(long long __rbx, long long __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
                                                				void* _v40;
                                                				signed int _v48;
                                                				short _v52;
                                                				char _v56;
                                                				long long _v72;
                                                				void* __rdi;
                                                				void* __rsi;
                                                				void* _t72;
                                                				signed char _t74;
                                                				signed char _t86;
                                                				signed char _t87;
                                                				short _t91;
                                                				short _t92;
                                                				void* _t93;
                                                				void* _t94;
                                                				signed long long _t134;
                                                				long long _t154;
                                                				signed long long _t183;
                                                				void* _t184;
                                                				long long* _t191;
                                                				void* _t193;
                                                				signed long long _t195;
                                                				signed int* _t197;
                                                				signed long long _t204;
                                                
                                                				_t154 = __rbx;
                                                				_a16 = __rbx;
                                                				_a24 = __rbp;
                                                				_t134 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_v48 = _t134 ^ _t193 - 0x00000040;
                                                				asm("outsb");
                                                				asm("loopne 0x46");
                                                				_t94 = _t72 - 0x64;
                                                				if (_t94 > 0) goto 0xac4a0b;
                                                				if (_t94 == 0) goto 0xac4a89;
                                                				if (_t72 == 0x41) goto 0xac4a9c;
                                                				if (_t72 == 0x43) goto 0xac49f5;
                                                				if (_t72 - 0x44 <= 0) goto 0xac4aa5;
                                                				if (_t72 - 0x47 <= 0) goto 0xac4a9c;
                                                				if (_t72 == 0x53) goto 0xac4a45;
                                                				if (_t72 == _t93) goto 0xac4a5a;
                                                				if (_t72 == 0x5a) goto 0xac4a01;
                                                				if (_t72 == 0x61) goto 0xac4a9c;
                                                				if (_t72 != 0x63) goto 0xac4aa5;
                                                				E00007FF67FF600AC81A8(_t72 - 0x63, __rbx, __rcx, 0x78);
                                                				goto 0xac4aa1;
                                                				_t74 = E00007FF67FF600AC6258(_t86, _t154, __rcx, 0x78);
                                                				goto 0xac4aa1;
                                                				if (_t74 - 0x67 <= 0) goto 0xac4a9c;
                                                				if (_t74 == 0x69) goto 0xac4a89;
                                                				if (_t74 == 0x6e) goto 0xac4a82;
                                                				if (_t74 == 0x6f) goto 0xac4a64;
                                                				if (_t74 == 0x70) goto 0xac4a4c;
                                                				if (_t74 == 0x73) goto 0xac4a45;
                                                				if (_t74 == 0x75) goto 0xac4a8d;
                                                				if (_t74 != _t92) goto 0xac4aa5;
                                                				_pop(_t195);
                                                				 *( *(__rcx + 0x42) & 0x0000ffff) =  *( *(__rcx + 0x42) & 0x0000ffff) + _t74;
                                                				goto 0xac4aa1;
                                                				 *((long long*)(__rcx + 0x38)) = 0x10;
                                                				 *((long long*)(__rcx + 0x3c)) = 0xb;
                                                				r8b = r15b;
                                                				 *(_t154 + 0x5e8c1c1) =  *(_t154 + 0x5e8c1c1) ^ _t86;
                                                				if ((r15b & _t74) == 0) goto 0xac4a78;
                                                				asm("bts ecx, 0x7");
                                                				 *((long long*)(_t154 + 0x30)) = __rcx;
                                                				asm("adc al, ch");
                                                				 *_t197 =  *_t197 ^ _t87;
                                                				_push(0x78);
                                                				 *_t197 =  *_t197 + r8b;
                                                				goto 0xac4aa1;
                                                				if (E00007FF67FF600AC7058(_t87, _t92, _t154, __rcx, 0x8dd98b4800000001, 0x78, __rbp, _t197) != 0) goto 0xac4aac;
                                                				goto 0xac4c1f;
                                                				if ( *((char*)(_t154 + 0x40)) != 0) goto 0xac4c1c;
                                                				_v56 = 0;
                                                				_v52 = 0;
                                                				r13d = 0x20;
                                                				if ((r15b & 0) == 0) goto 0xac4b06;
                                                				if ((r15b & 0) == 0) goto 0xac4ae8;
                                                				_v56 = 0;
                                                				goto 0xac4b03;
                                                				if ((r15b & _t86) == 0) goto 0xac4af4;
                                                				if ((r15b & 0) == 0) goto 0xac4b06;
                                                				_v56 = r13w;
                                                				_t183 = _t204;
                                                				r9d = 0xffdf;
                                                				if ((r9w & 0 - _t93) != 0) goto 0xac4b2b;
                                                				if ((r15b & 0) == 0) goto 0xac4b2b;
                                                				r8b = r15b;
                                                				goto 0xac4b2e;
                                                				r8b = 0;
                                                				r9d = 0x30;
                                                				if (r8b != 0) goto 0xac4b47;
                                                				if (0 == 0) goto 0xac4b64;
                                                				 *(_t195 + 0x30 + _t183 * 2) = r9w;
                                                				if (_t87 == _t93) goto 0xac4b58;
                                                				if (_t87 != 0x41) goto 0xac4b5b;
                                                				 *((short*)(_t195 + 0x32 + _t183 * 2)) = _t92;
                                                				_t184 = _t183 + 2;
                                                				if ((_t86 & 0x0000000c) != 0) goto 0xac4b87;
                                                				r8d = _t92;
                                                				E00007FF67FF600ABC798(r13b, _t154, _t154 + 0x468, _t184,  *((intOrPtr*)(_t154 + 0x34)) -  *((intOrPtr*)(_t154 + 0x50)) - _t184, __rbp, _t154 + 0x28);
                                                				_t203 = _t154 + 0x468;
                                                				_t191 = _t154 + 0x28;
                                                				if ((r15b & _t86) == 0) goto 0xac4baf;
                                                				if ( *((long long*)( *((intOrPtr*)(_t154 + 0x468)) + 8)) != 0) goto 0xac4baf;
                                                				 *_t191 =  *_t191 + _t184;
                                                				goto 0xac4bcb;
                                                				r8d = _t91;
                                                				_v72 = _t154 + 0x10;
                                                				E00007FF67FF600ACD5A0(_t154, _t154 + 0x468,  &_v56, _t184,  *((intOrPtr*)(_t154 + 0x34)) -  *((intOrPtr*)(_t154 + 0x50)) - _t184, _t191, _t191);
                                                				if ((r15b & 0) == 0) goto 0xac4bf0;
                                                				if ((r15b & _t86) != 0) goto 0xac4bf0;
                                                				r8d = _t92;
                                                				E00007FF67FF600ABC798(0x30, _t154, _t154 + 0x468, _t184,  *((intOrPtr*)(_t154 + 0x34)) -  *((intOrPtr*)(_t154 + 0x50)) - _t184, _t191, _t191);
                                                				E00007FF67FF600ACCD50(_t154, _t154, _t191);
                                                				if ( *_t191 < 0) goto 0xac4c1c;
                                                				if ((r15b & _t86) == 0) goto 0xac4c1c;
                                                				r8d = _t92;
                                                				E00007FF67FF600ABC798(r13b, _t154, _t203, _t184,  *((intOrPtr*)(_t154 + 0x34)) -  *((intOrPtr*)(_t154 + 0x50)) - _t184, _t191, _t191);
                                                				return E00007FF67FF600AA5980(r15b, _t86, _v48 ^ _t195);
                                                			}

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3e34f769dd1826c70adcc2b547ab6804c22f639c9dd232cd6603f473c23c25f6
                                                • Instruction ID: ee88bb6a62459c4776e91dc1ef5f29a93794a99742d95f0daab4bc0fb96af99b
                                                • Opcode Fuzzy Hash: 3e34f769dd1826c70adcc2b547ab6804c22f639c9dd232cd6603f473c23c25f6
                                                • Instruction Fuzzy Hash: 0D81F427A1820366FB689A198020FBD2690EF48784FA65935DD4DD739FCF2DEC46870C
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 44%
                                                			E00007FF67FF600AC4F3C(long long __rbx, long long __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
                                                				signed int _v40;
                                                				signed long long _v48;
                                                				void* _v52;
                                                				void* _v56;
                                                				void* _v72;
                                                				void* __rdi;
                                                				void* __rsi;
                                                				void* _t74;
                                                				signed char _t76;
                                                				signed char _t87;
                                                				void* _t88;
                                                				short _t92;
                                                				short _t93;
                                                				void* _t94;
                                                				void* _t95;
                                                				signed long long _t135;
                                                				intOrPtr* _t138;
                                                				long long _t156;
                                                				signed long long _t185;
                                                				void* _t186;
                                                				long long* _t193;
                                                				void* _t195;
                                                				signed long long _t196;
                                                				signed long long _t204;
                                                
                                                				_t156 = __rbx;
                                                				_a16 = __rbx;
                                                				_a24 = __rbp;
                                                				_t196 = _t195 - 0x40;
                                                				_t135 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_v48 = _t135 ^ _t196;
                                                				asm("outsb");
                                                				asm("loopne 0x46");
                                                				_t95 = _t74 - 0x64;
                                                				if (_t95 > 0) goto 0xac4fdf;
                                                				if (_t95 == 0) goto 0xac505d;
                                                				if (_t74 == 0x41) goto 0xac5070;
                                                				if (_t74 == 0x43) goto 0xac4fc9;
                                                				if (_t74 - 0x44 <= 0) goto 0xac5079;
                                                				if (_t74 - 0x47 <= 0) goto 0xac5070;
                                                				if (_t74 == 0x53) goto 0xac5019;
                                                				if (_t74 == _t94) goto 0xac502e;
                                                				if (_t74 == 0x5a) goto 0xac4fd5;
                                                				if (_t74 == 0x61) goto 0xac5070;
                                                				if (_t74 != 0x63) goto 0xac5079;
                                                				E00007FF67FF600AC831C(_t74 - 0x63, __rbx, __rcx, 0x78);
                                                				goto 0xac5075;
                                                				_t76 = E00007FF67FF600AC636C(_t87, _t156, __rcx, 0x78);
                                                				goto 0xac5075;
                                                				if (_t76 - 0x67 <= 0) goto 0xac5070;
                                                				if (_t76 == 0x69) goto 0xac505d;
                                                				if (_t76 == 0x6e) goto 0xac5056;
                                                				if (_t76 == 0x6f) goto 0xac5038;
                                                				if (_t76 == 0x70) goto 0xac5020;
                                                				if (_t76 == 0x73) goto 0xac5019;
                                                				if (_t76 == 0x75) goto 0xac5061;
                                                				if (_t76 != _t93) goto 0xac5079;
                                                				_pop(_t138);
                                                				 *_t138 =  *_t138 + _t76;
                                                				goto 0xac5075;
                                                				 *((long long*)(__rcx + 0x38)) = 0x10;
                                                				 *((long long*)(__rcx + 0x3c)) = 0xb;
                                                				r8b = r15b;
                                                				 *(_t156 + 0x5e8c1c1) =  *(_t156 + 0x5e8c1c1) ^ _t87;
                                                				if ((r15b & _t76) == 0) goto 0xac504c;
                                                				asm("bts ecx, 0x7");
                                                				 *((long long*)(_t156 + 0x30)) = __rcx;
                                                				asm("adc al, ch");
                                                				asm("int 0x4d");
                                                				 *_t138 =  *_t138 + _t76;
                                                				goto 0xac5075;
                                                				 *(__rcx + 0x30) =  *(__rcx + 0x30) | 0x00000010;
                                                				 *_t138 =  *_t138 + _t76;
                                                				if (_t76 != 0) goto 0xac5080;
                                                				goto 0xac51f3;
                                                				if ( *((char*)(_t156 + 0x40)) != 0) goto 0xac51f0;
                                                				_v48 = 0;
                                                				 *((short*)(_t196 + 0x34)) = 0;
                                                				r13d = 0x20;
                                                				if ((r15b & 0) == 0) goto 0xac50da;
                                                				if ((r15b & 0) == 0) goto 0xac50bc;
                                                				_v48 = 0;
                                                				goto 0xac50d7;
                                                				if ((r15b & _t87) == 0) goto 0xac50c8;
                                                				if ((r15b & 0) == 0) goto 0xac50da;
                                                				_v48 = r13w;
                                                				_t185 = _t204;
                                                				r9d = 0xffdf;
                                                				if ((r9w & 0 - _t94) != 0) goto 0xac50ff;
                                                				if ((r15b & 0) == 0) goto 0xac50ff;
                                                				r8b = r15b;
                                                				goto 0xac5102;
                                                				r8b = 0;
                                                				r9d = 0x30;
                                                				if (r8b != 0) goto 0xac511b;
                                                				if (0 == 0) goto 0xac5138;
                                                				 *(_t196 + 0x30 + _t185 * 2) = r9w;
                                                				if (_t88 == _t94) goto 0xac512c;
                                                				if (_t88 != 0x41) goto 0xac512f;
                                                				 *((short*)(_t196 + 0x32 + _t185 * 2)) = _t93;
                                                				_t186 = _t185 + 2;
                                                				if ((_t87 & 0x0000000c) != 0) goto 0xac515b;
                                                				r8d = _t93;
                                                				E00007FF67FF600ABC798(r13b, _t156, _t156 + 0x468, _t186,  *((intOrPtr*)(_t156 + 0x34)) -  *((intOrPtr*)(_t156 + 0x50)) - _t186, __rbp, _t156 + 0x28);
                                                				_t203 = _t156 + 0x468;
                                                				_t193 = _t156 + 0x28;
                                                				if ((r15b & _t87) == 0) goto 0xac5183;
                                                				if ( *((long long*)( *((intOrPtr*)(_t156 + 0x468)) + 8)) != 0) goto 0xac5183;
                                                				 *_t193 =  *_t193 + _t186;
                                                				goto 0xac519f;
                                                				r8d = _t92;
                                                				 *((long long*)(_t196 + 0x20)) = _t156 + 0x10;
                                                				E00007FF67FF600ACD5A0(_t156, _t156 + 0x468,  &_v48, _t186,  *((intOrPtr*)(_t156 + 0x34)) -  *((intOrPtr*)(_t156 + 0x50)) - _t186, _t193, _t193);
                                                				if ((r15b & 0) == 0) goto 0xac51c4;
                                                				if ((r15b & _t87) != 0) goto 0xac51c4;
                                                				r8d = _t93;
                                                				E00007FF67FF600ABC798(0x30, _t156, _t156 + 0x468, _t186,  *((intOrPtr*)(_t156 + 0x34)) -  *((intOrPtr*)(_t156 + 0x50)) - _t186, _t193, _t193);
                                                				E00007FF67FF600ACCF58(_t156, _t156, _t193);
                                                				if ( *_t193 < 0) goto 0xac51f0;
                                                				if ((r15b & _t87) == 0) goto 0xac51f0;
                                                				r8d = _t93;
                                                				E00007FF67FF600ABC798(r13b, _t156, _t203, _t186,  *((intOrPtr*)(_t156 + 0x34)) -  *((intOrPtr*)(_t156 + 0x50)) - _t186, _t193, _t193);
                                                				return E00007FF67FF600AA5980(r15b, _t87, _v40 ^ _t196);
                                                			}

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ff3760b44a457c12db4d1b2eb29c8e842aeb3eac3951afc3c60d5b002e0eacee
                                                • Instruction ID: 32699a8b04fd6d5a8582793ebbea16c3af58691e0dfe4b1238495765f8577c14
                                                • Opcode Fuzzy Hash: ff3760b44a457c12db4d1b2eb29c8e842aeb3eac3951afc3c60d5b002e0eacee
                                                • Instruction Fuzzy Hash: EC81DB17E18A42AAEB689A358010EB91290EF40744FA65A35ED4DC739FCF2DF8C6C745
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 56%
                                                			E00007FF67FF600AE6A68(void* __edx, void* __edi, void* __esp, long long __rbx, signed long long*** __rcx, long long __rsi) {
                                                				void* _t21;
                                                				void* _t23;
                                                				int _t25;
                                                				void* _t28;
                                                				signed int _t29;
                                                				void* _t36;
                                                				signed int* _t66;
                                                				signed long long _t68;
                                                				signed long long _t69;
                                                				signed long long _t70;
                                                				signed long long _t94;
                                                				signed long long _t95;
                                                				signed long long _t97;
                                                				signed long long _t103;
                                                				long long _t114;
                                                				void* _t117;
                                                				void* _t120;
                                                				signed long long* _t123;
                                                				signed long long _t124;
                                                				signed long long _t126;
                                                				signed long long*** _t132;
                                                
                                                				_t36 = __edi;
                                                				 *((long long*)(_t117 + 0x10)) = __rbx;
                                                				 *((long long*)(_t117 + 0x18)) = _t114;
                                                				 *((long long*)(_t117 + 0x20)) = __rsi;
                                                				_t132 = __rcx;
                                                				_t66 =  *((intOrPtr*)( *((intOrPtr*)(__rcx))));
                                                				if (_t66 == 0) goto 0xae6bfc;
                                                				_t124 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_t110 = _t124 ^  *_t66;
                                                				_t29 = r10d;
                                                				_t68 = _t66[4] ^ _t124;
                                                				asm("dec eax");
                                                				asm("dec eax");
                                                				asm("dec ecx");
                                                				if ((_t66[2] ^ _t124) != _t68) goto 0xae6b6e;
                                                				_t69 = _t68 - (_t124 ^  *_t66);
                                                				_t100 =  >  ? 0x200 : _t69;
                                                				_t101 = ( >  ? 0x200 : _t69) + _t69;
                                                				_t102 =  ==  ? 0x20 : ( >  ? 0x200 : _t69) + _t69;
                                                				if (( ==  ? 0x20 : ( >  ? 0x200 : _t69) + _t69) - _t69 < 0) goto 0xae6b0a;
                                                				r8d = 8;
                                                				E00007FF67FF600AF8FE0(_t21, _t29, _t69, _t124 ^  *_t66,  ==  ? 0x20 : ( >  ? 0x200 : _t69) + _t69, _t110, 0, _t120);
                                                				_t23 = E00007FF67FF600AE8E1C(0x20, 0);
                                                				if (0x20 != 0) goto 0xae6b32;
                                                				_t103 = _t69 + 4;
                                                				r8d = 8;
                                                				E00007FF67FF600AF8FE0(_t23, _t29, _t69, _t110, _t103, _t110, 0, _t120);
                                                				_t25 = E00007FF67FF600AE8E1C(0x20, 0);
                                                				if (0x20 == 0) goto 0xae6bfc;
                                                				_t123 = 0x20 + _t69 * 8;
                                                				_t70 = 0x20 + _t103 * 8;
                                                				_t83 =  >  ? 0 : _t70 - _t123 + 7 >> 3;
                                                				if (( >  ? 0 : _t70 - _t123 + 7 >> 3) == 0) goto 0xae6b6e;
                                                				memset(_t36, _t25, _t29 << 0);
                                                				_t126 =  *0xb2fde8; // 0xc4f55cf73642
                                                				r8d = 0x40;
                                                				_t28 = r8d;
                                                				asm("dec eax");
                                                				 *_t123 =  *(_t132[1]) ^ _t126;
                                                				_t94 =  *0xb2fde8; // 0xc4f55cf73642
                                                				asm("dec eax");
                                                				 *( *( *_t132)) = 0x20 ^ _t94;
                                                				_t95 =  *0xb2fde8; // 0xc4f55cf73642
                                                				asm("dec eax");
                                                				( *( *_t132))[1] =  &(_t123[1]) ^ _t95;
                                                				_t97 =  *0xb2fde8; // 0xc4f55cf73642
                                                				r8d = r8d - _t28;
                                                				asm("dec eax");
                                                				( *( *_t132))[2] = _t70 ^ _t97;
                                                				goto 0xae6bff;
                                                				return _t28;
                                                			}

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorFreeHeapLast
                                                • String ID:
                                                • API String ID: 485612231-0
                                                • Opcode ID: 981801806c7089a75693b1845aedd85898e86d028447a981a8a85dcdb15db614
                                                • Instruction ID: 4abe29be6d45f20029b77206211161a88d5076c943d6fe119e687e75c0340f2c
                                                • Opcode Fuzzy Hash: 981801806c7089a75693b1845aedd85898e86d028447a981a8a85dcdb15db614
                                                • Instruction Fuzzy Hash: 2841B023714A9592EF44CF2AD9155A9B3A1AB88FD4B199432EE0DC7B5DEF3DD4428300
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 69%
                                                			E00007FF67FF600ADEF30(intOrPtr* __rax, long long __rbx, void* __rcx, void* __rsi, void* __rbp, void* __r8, long long _a8) {
                                                				void* _t11;
                                                				void* _t19;
                                                				void* _t20;
                                                				void* _t22;
                                                				void* _t25;
                                                				void* _t26;
                                                				intOrPtr _t27;
                                                				void* _t28;
                                                				void* _t29;
                                                				void* _t31;
                                                				intOrPtr _t46;
                                                
                                                				_t71 = __r8;
                                                				_t66 = __rsi;
                                                				_a8 = __rbx;
                                                				_t46 =  *((intOrPtr*)(__rcx + 0x50));
                                                				_t39 = __rcx;
                                                				_t26 = _t46 - 5;
                                                				if (_t26 > 0) goto 0xadefd0;
                                                				if (_t26 == 0) goto 0xadefc9;
                                                				_t27 = _t46;
                                                				if (_t27 == 0) goto 0xadef90;
                                                				if (_t27 == 0) goto 0xadef81;
                                                				if (_t27 == 0) goto 0xadef7d;
                                                				if (_t27 == 0) goto 0xadef6d;
                                                				_t28 = _t46 - 0xffffffffffffffff - 1;
                                                				if (_t28 != 0) goto 0xadefe4;
                                                				goto 0xadf03e;
                                                				 *__rax =  *__rax + _t11;
                                                				goto 0xadf041;
                                                				goto 0xadef72;
                                                				sil = 0;
                                                				 *__rax =  *__rax + _t11;
                                                				E00007FF67FF600ADDA28(__rcx + 0x20, __r8);
                                                				if (_t28 == 0) goto 0xadefb4;
                                                				_t29 = __rax - 1 - 1;
                                                				if (_t29 != 0) goto 0xadefc4;
                                                				r8d = 0;
                                                				E00007FF67FF600AD8EEC(_t22, __rcx, __rcx, __rsi, __rbp);
                                                				goto 0xadefc1;
                                                				r8d = 0;
                                                				dil = E00007FF67FF600AD878C(_t22, __rcx, __rcx);
                                                				goto 0xadf046;
                                                				asm("push es");
                                                				if (_t29 == 0) goto 0xadf039;
                                                				if (_t29 == 0) goto 0xadf032;
                                                				if (_t29 == 0) goto 0xadf007;
                                                				if (0xea836eeb00000008 == 1) goto 0xadefe8;
                                                				goto 0xadf046;
                                                				_t31 =  *((intOrPtr*)(__rcx + 0x3c)) - dil;
                                                				if (_t31 == 0) goto 0xadeff5;
                                                				goto 0xadf046;
                                                				E00007FF67FF600AE1A74(_t25, __rcx, __rcx,  *((intOrPtr*)(__rcx + 0x18)) -  *((intOrPtr*)(__rcx + 8)) >> 1, __r8);
                                                				goto 0xadf046;
                                                				E00007FF67FF600ADDA28(__rcx + 0x20, __r8);
                                                				if (_t31 == 0) goto 0xadf029;
                                                				if (0 == 1) goto 0xadf020;
                                                				goto 0xadefc4;
                                                				r8d = 0;
                                                				goto 0xadefaa;
                                                				r8d = 0;
                                                				_t9 = _t71 + 8; // 0x8
                                                				goto 0xadefb9;
                                                				_t19 = E00007FF67FF600ADF194(_t20 + bpl, _t9, _t39, __rcx + 0x20, _t66, __r8);
                                                				goto 0xadf046;
                                                				asm("fiadd word [ebx]");
                                                				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0));
                                                				return _t19;
                                                			}















                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7d75e816bc5990221631da980ee8c05376aad7eb75d5f6bd430c4e27928d9270
                                                • Instruction ID: ed8e61cfec16582398a41743e14542bc8db8086c9603be69839a445b2a0229ee
                                                • Opcode Fuzzy Hash: 7d75e816bc5990221631da980ee8c05376aad7eb75d5f6bd430c4e27928d9270
                                                • Instruction Fuzzy Hash: BB31B033E0C1027AF6B5E629854467A7252AF86340F348533DD0F8ABDFEC2EF9469601
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 67%
                                                			E00007FF67FF600ADECF4(intOrPtr* __rax, long long __rbx, void* __rcx, void* __rsi, void* __rbp, void* __r8, long long _a8) {
                                                				void* __rdi;
                                                				void* _t11;
                                                				void* _t19;
                                                				void* _t21;
                                                				void* _t24;
                                                				void* _t27;
                                                				void* _t28;
                                                				intOrPtr _t29;
                                                				void* _t30;
                                                				void* _t31;
                                                				void* _t33;
                                                				intOrPtr _t48;
                                                				void* _t72;
                                                
                                                				_t72 = __r8;
                                                				_t68 = __rbp;
                                                				_t67 = __rsi;
                                                				_a8 = __rbx;
                                                				_t48 =  *((intOrPtr*)(__rcx + 0x50));
                                                				_t41 = __rcx;
                                                				_t28 = _t48 - 5;
                                                				if (_t28 > 0) goto 0xaded94;
                                                				if (_t28 == 0) goto 0xaded8d;
                                                				_t29 = _t48;
                                                				if (_t29 == 0) goto 0xaded54;
                                                				if (_t29 == 0) goto 0xaded45;
                                                				if (_t29 == 0) goto 0xaded41;
                                                				if (_t29 == 0) goto 0xaded31;
                                                				_t30 = _t48 - 0xffffffffffffffff - 1;
                                                				if (_t30 != 0) goto 0xadeda8;
                                                				goto 0xadedff;
                                                				 *__rax =  *__rax + _t11;
                                                				goto 0xadee02;
                                                				goto 0xaded36;
                                                				 *__rax =  *__rax + _t11;
                                                				E00007FF67FF600ADD98C(__rcx + 0x20, __r8);
                                                				if (_t30 == 0) goto 0xaded78;
                                                				_t31 = __rax - 1 - 1;
                                                				if (_t31 != 0) goto 0xaded88;
                                                				r8d = 0;
                                                				E00007FF67FF600AD8B40(_t24, __rcx, __rcx, __rbp);
                                                				goto 0xaded85;
                                                				r8d = 0;
                                                				dil = E00007FF67FF600AD83E8(_t24, __rcx, __rcx, 0, __rsi, _t68);
                                                				goto 0xadee07;
                                                				asm("push es");
                                                				if (_t31 == 0) goto 0xadedfa;
                                                				if (_t31 == 0) goto 0xadedf3;
                                                				if (_t31 == 0) goto 0xadedc8;
                                                				if (0xea836beb00000008 == 1) goto 0xadedac;
                                                				goto 0xadee07;
                                                				_t33 =  *((intOrPtr*)(__rcx + 0x3a)) - dil;
                                                				if (_t33 == 0) goto 0xadedb9;
                                                				goto 0xadee07;
                                                				E00007FF67FF600AE1988(_t27, __rcx, __rcx,  *((intOrPtr*)(__rcx + 0x18)) -  *((intOrPtr*)(__rcx + 8)), __r8);
                                                				goto 0xadee07;
                                                				E00007FF67FF600ADD98C(__rcx + 0x20, __r8);
                                                				if (_t33 == 0) goto 0xadedea;
                                                				if (0 == 1) goto 0xadede1;
                                                				goto 0xaded88;
                                                				r8d = 0;
                                                				goto 0xaded6e;
                                                				r8d = 0;
                                                				_t9 = _t72 + 8; // 0x8
                                                				goto 0xaded7d;
                                                				_t19 = E00007FF67FF600ADF0B8(_t21 + bpl, _t9, 0 - 1, _t41, __rcx + 0x20, _t67);
                                                				goto 0xadee07;
                                                				 *((intOrPtr*)(0)) =  *((intOrPtr*)(0));
                                                				return _t19;
                                                			}

















                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 44387345e9d1b83c0d51e7ca17e236f320c520b098c6ec3f2f16537654969dfa
                                                • Instruction ID: 882b18fec973370e62ed5e3e7bfc6645db7143d3d46682b075de9067fba93cd4
                                                • Opcode Fuzzy Hash: 44387345e9d1b83c0d51e7ca17e236f320c520b098c6ec3f2f16537654969dfa
                                                • Instruction Fuzzy Hash: 7C316B37E0C192A6F6A5F62985586793243AF82740F748133CD8F8AB9FCC2EB9468501
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 61%
                                                			E00007FF67FF600ADEBD8(intOrPtr* __rax, long long __rbx, void* __rcx, void* __rsi, void* __rbp, void* __r8, long long _a8) {
                                                				void* _t12;
                                                				void* _t19;
                                                				void* _t20;
                                                				void* _t22;
                                                				void* _t25;
                                                				void* _t26;
                                                				intOrPtr _t27;
                                                				void* _t28;
                                                				void* _t29;
                                                				void* _t31;
                                                				intOrPtr _t46;
                                                				void* _t69;
                                                
                                                				_t69 = __r8;
                                                				_t64 = __rsi;
                                                				_a8 = __rbx;
                                                				_t46 =  *((intOrPtr*)(__rcx + 0x48));
                                                				_t40 = __rcx;
                                                				_t26 = _t46 - 5;
                                                				if (_t26 > 0) goto 0xadec78;
                                                				if (_t26 == 0) goto 0xadec71;
                                                				_t27 = _t46;
                                                				if (_t27 == 0) goto 0xadec38;
                                                				if (_t27 == 0) goto 0xadec29;
                                                				if (_t27 == 0) goto 0xadec25;
                                                				if (_t27 == 0) goto 0xadec15;
                                                				_t28 = _t46 - 0xffffffffffffffff - 1;
                                                				if (_t28 != 0) goto 0xadec8c;
                                                				goto 0xadecdf;
                                                				 *__rax =  *__rax + _t12;
                                                				goto 0xadece2;
                                                				goto 0xadec1a;
                                                				asm("scasd");
                                                				 *__rax =  *__rax + _t12;
                                                				 *((intOrPtr*)(__rax - 0x7d)) =  *((intOrPtr*)(__rax - 0x7d)) + _t20 + bpl;
                                                				asm("rcr dword [eax], 0xe8");
                                                				asm("dec ebx");
                                                				asm("invalid");
                                                				if (_t28 == 0) goto 0xadec5c;
                                                				_t29 = __rax - 1 - 1;
                                                				if (_t29 != 0) goto 0xadec6c;
                                                				r8d = 0;
                                                				E00007FF67FF600AD896C(_t22, __rcx, __rcx);
                                                				goto 0xadec69;
                                                				r8d = 0;
                                                				dil = E00007FF67FF600AD824C(_t22, __rcx, __rcx, __rsi, __rbp);
                                                				goto 0xadece7;
                                                				asm("push es");
                                                				if (_t29 == 0) goto 0xadecda;
                                                				if (_t29 == 0) goto 0xadecd3;
                                                				if (_t29 == 0) goto 0xadeca8;
                                                				if (0xea8367eb00000008 == 1) goto 0xadec90;
                                                				goto 0xadece7;
                                                				_t31 =  *((intOrPtr*)(__rcx + 0x32)) - dil;
                                                				if (_t31 == 0) goto 0xadec9d;
                                                				goto 0xadece7;
                                                				E00007FF67FF600AE1914(_t25, __rcx, __rcx,  *((intOrPtr*)(__rcx + 0x10)), __r8);
                                                				goto 0xadece7;
                                                				E00007FF67FF600ADD98C(__rcx + 0x18, __r8);
                                                				if (_t31 == 0) goto 0xadecca;
                                                				if (0 == 1) goto 0xadecc1;
                                                				goto 0xadec6c;
                                                				r8d = 0;
                                                				goto 0xadec52;
                                                				r8d = 0;
                                                				_t10 = _t69 + 8; // 0x8
                                                				goto 0xadec61;
                                                				_t19 = E00007FF67FF600ADF054(_t20 + bpl, _t10, 0, _t40, __rcx + 0x18, _t64);
                                                				goto 0xadece7;
                                                				return _t19;
                                                			}
















                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e6e1d7701a4d5b67b0e9320683ccd15b95b7c2d917a103d88e5d2359d490e965
                                                • Instruction ID: e1403e26ae3ddb7e1bd729aa8c8241ccd431042758289766722a35e544ab7871
                                                • Opcode Fuzzy Hash: e6e1d7701a4d5b67b0e9320683ccd15b95b7c2d917a103d88e5d2359d490e965
                                                • Instruction Fuzzy Hash: ED316D37F3C142A5F6B9F6298555A7A3152AF81740E348033DD1F8AF9FDC2EB8429581
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 48%
                                                			E00007FF67FF600ADEE14(intOrPtr* __rax, long long __rbx, void* __rcx, void* __r8, long long _a8) {
                                                				void* _t15;
                                                				void* _t25;
                                                				void* _t26;
                                                				void* _t27;
                                                				void* _t30;
                                                				void* _t31;
                                                				intOrPtr _t32;
                                                				void* _t34;
                                                				void* _t36;
                                                				intOrPtr _t48;
                                                
                                                				_t70 = __r8;
                                                				_a8 = __rbx;
                                                				_t48 =  *((intOrPtr*)(__rcx + 0x48));
                                                				_t43 = __rcx;
                                                				_t31 = _t48 - 5;
                                                				if (_t31 > 0) goto 0xadeeb4;
                                                				if (_t31 == 0) goto 0xadeead;
                                                				_t32 = _t48;
                                                				if (_t32 == 0) goto 0xadee74;
                                                				if (_t32 == 0) goto 0xadee65;
                                                				if (_t32 == 0) goto 0xadee61;
                                                				if (_t32 == 0) goto 0xadee51;
                                                				if (_t48 - 0xffffffffffffffff != 1) goto 0xadeec8;
                                                				goto 0xadef1b;
                                                				 *__rax =  *__rax + _t15;
                                                				goto 0xadef1e;
                                                				goto 0xadee56;
                                                				_t26 = _t25 + bpl;
                                                				asm("scasd");
                                                				 *__rax =  *__rax + _t15;
                                                				 *((intOrPtr*)(__rax - 0x7d)) =  *((intOrPtr*)(__rax - 0x7d)) + _t26;
                                                				asm("rcr dword [eax], 0xe8");
                                                				asm("stosd");
                                                				goto 0xadee7b;
                                                				 *((long long*)(__rax - 0x7d)) =  *((long long*)(__rax - 0x7d)) - 1;
                                                				0x48c36285();
                                                				_t34 = __rax - 1;
                                                				if (_t34 != 0) goto 0xadeea8;
                                                				r8d = 0;
                                                				E00007FF67FF600AD8D28(_t27, __rcx, __rcx);
                                                				goto 0xadeea5;
                                                				r8d = 0;
                                                				dil = E00007FF67FF600AD859C(_t27, __rcx, __rcx);
                                                				goto 0xadef23;
                                                				asm("push es");
                                                				if (_t34 == 0) goto 0xadef16;
                                                				if (_t34 == 0) goto 0xadef0f;
                                                				if (_t34 == 0) goto 0xadeee4;
                                                				if (0xea8367eb00000008 == 1) goto 0xadeecc;
                                                				goto 0xadef23;
                                                				_t36 =  *((intOrPtr*)(__rcx + 0x34)) - dil;
                                                				if (_t36 == 0) goto 0xadeed9;
                                                				goto 0xadef23;
                                                				E00007FF67FF600AE1A00(_t30, __rcx, __rcx,  *((intOrPtr*)(__rcx + 0x10)), __r8);
                                                				goto 0xadef23;
                                                				E00007FF67FF600ADDA28(__rcx + 0x18, __r8);
                                                				if (_t36 == 0) goto 0xadef06;
                                                				if (0 == 1) goto 0xadeefd;
                                                				goto 0xadeea8;
                                                				r8d = 0;
                                                				goto 0xadee8e;
                                                				r8d = 0;
                                                				_t12 = _t70 + 8; // 0x8
                                                				goto 0xadee9d;
                                                				E00007FF67FF600ADF128(_t26, _t12, 0, _t43, __rcx + 0x18, __r8);
                                                				goto 0xadef23;
                                                				 *0xFFFFFFFFFFFFFF8B =  *((intOrPtr*)(0xffffffffffffff8b)) + _t26;
                                                				return 0;
                                                			}













                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 33e1c058f0322fd4406ad52e4fe102c76812032230ab392f2b34e17139fb0fd6
                                                • Instruction ID: e22689e6415b564c04daf830bfb3c4c64faada90ab8c55c402bab6b290a7cb50
                                                • Opcode Fuzzy Hash: 33e1c058f0322fd4406ad52e4fe102c76812032230ab392f2b34e17139fb0fd6
                                                • Instruction Fuzzy Hash: 2C313423E1C113B5F6A9E629851567A3252AF86340E749533DD0F8EB9FCE2EB9418501
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 85%
                                                			E00007FF67FF600B046C0(void* __ebx, void* __edx, long long __rax, signed int __rdx, void* __r8, signed long long _a8) {
                                                				long long _v12;
                                                				long long _v16;
                                                				long long _v20;
                                                				long long _t17;
                                                				void* _t25;
                                                
                                                				_t25 = __r8;
                                                				r8d = 0;
                                                				 *0xb36bf0 = r8d;
                                                				_t1 = _t25 + 1; // 0x1
                                                				r9d = _t1;
                                                				asm("cpuid");
                                                				_v16 = __rax;
                                                				_v20 = _t17;
                                                				_v12 = __rdx;
                                                				if (0 != 0x18001000) goto 0xb04721;
                                                				asm("xgetbv");
                                                				_a8 = __rdx << 0x00000020 | 0x18001000;
                                                				r8d =  *0xb36bf0; // 0x1
                                                				r8d =  ==  ? r9d : r8d;
                                                				 *0xb36bf0 = r8d;
                                                				 *0xb36bf4 = r8d;
                                                				return r9d & 0x00000006;
                                                			}








                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5ad0abb3c12b596b8db87f9bb4214db15916091c3d167fad78c8e0de46dca230
                                                • Instruction ID: c37990a576df3fc429da0f5ee99e1a05baea26643aae5a26d58762254521e82a
                                                • Opcode Fuzzy Hash: 5ad0abb3c12b596b8db87f9bb4214db15916091c3d167fad78c8e0de46dca230
                                                • Instruction Fuzzy Hash: FBF068717182569BDB948F28A413A2977D0F7093C0FA08039D68DC7B28DB3D94508F04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bb2719841a47c194764ee1dfb073922785213a22af9ce52945f3a809394b4a67
                                                • Instruction ID: cda7c79e09c8e44eecc83b838844ab6228f3318cd7aad3185b0ac4ee5193d5c3
                                                • Opcode Fuzzy Hash: bb2719841a47c194764ee1dfb073922785213a22af9ce52945f3a809394b4a67
                                                • Instruction Fuzzy Hash: 93A00222D5CC52F0E6048B00EE6007063B4FB66701B790832C01EC12FDAF3DB640C710
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: Local$CurrentProcess$AddressAllocHandleProclstrcat$CloseCreateFileFreeThreadViewlstrcpylstrlen$AllocateDuplicateErrorInitializeLastLibraryLoadMutexObjectPipePriorityReleaseSingleUnmapWait
                                                • String ID:
                                                • API String ID: 3232686162-0
                                                • Opcode ID: f66f325d9edc3bc5e3563ac44f6edc5bf7db724054769675e8bb170a897217e3
                                                • Instruction ID: 25ae4eff37a6d379bbdb67dbf11cb50cd978c5d7527646fa35014e4ab3db50cc
                                                • Opcode Fuzzy Hash: f66f325d9edc3bc5e3563ac44f6edc5bf7db724054769675e8bb170a897217e3
                                                • Instruction Fuzzy Hash: D6A1FD36A0CA8192E7609B15F85836EB761FBC9B84F604135DA8E87B6DDF3DE445CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Similarity
                                                • API ID: lstrcat$CurrentFileFreeObjectProcessSingleViewVirtualWaitlstrcpy
                                                • String ID:
                                                • API String ID: 556249722-3916222277
                                                • Opcode ID: 83263f60d2e192b71fa619cf74656fa431cc7ece52989325c1fcef437314fc69
                                                • Instruction ID: 5ac161d7d546dec01bce08743c1bc18ff255585da969031d8f75932d93bc1aff
                                                • Opcode Fuzzy Hash: 83263f60d2e192b71fa619cf74656fa431cc7ece52989325c1fcef437314fc69
                                                • Instruction Fuzzy Hash: 2E42DA3660CBC5D5EB709B19E4983AAB3A0F785B84F50413ACA8D87BA9DF3DD445CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 25%
                                                			E00007FF67FF600A897A0(void* __ecx, void* __edx, long long __rcx, long long __rdx, long long __r8, long long _a8, long long _a16, long long _a24) {
                                                				long long _v20;
                                                				signed long long _v24;
                                                				long long _v28;
                                                				long long _v32;
                                                				long long _v40;
                                                				long long _v48;
                                                				short _v54;
                                                				signed short _v56;
                                                				char _v60;
                                                				signed long long _v64;
                                                				long long _v72;
                                                				signed int _v80;
                                                				char _v88;
                                                				char _v216;
                                                				short _v736;
                                                				short _v738;
                                                				short _v740;
                                                				short _v742;
                                                				char _v744;
                                                				char _v792;
                                                				char _v856;
                                                				char _v872;
                                                				long long _v888;
                                                				long long _v896;
                                                				long long _v904;
                                                				long long _v912;
                                                				long long _v920;
                                                				void* _t107;
                                                				long _t124;
                                                				void* _t125;
                                                				void* _t132;
                                                				void* _t133;
                                                				void* _t136;
                                                				void* _t137;
                                                				void* _t138;
                                                				short _t140;
                                                				signed int _t142;
                                                				void* _t150;
                                                				void* _t151;
                                                				void* _t152;
                                                				long long _t165;
                                                				long long _t166;
                                                				long long _t168;
                                                				long long _t169;
                                                				long long _t170;
                                                				long long _t171;
                                                				intOrPtr* _t172;
                                                				intOrPtr* _t174;
                                                				long long _t179;
                                                				signed long long _t181;
                                                				void* _t259;
                                                
                                                				_t152 = __edx;
                                                				_t151 = __ecx;
                                                				_a24 = __r8;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				_v80 = 0;
                                                				_t165 = _a16;
                                                				_v72 = _t165;
                                                				_t107 = E00007FF67FF600A753A0(_t165);
                                                				if (_t165 == 0) goto 0xa897e7;
                                                				_t166 = _a24;
                                                				_v72 = _t166;
                                                				E00007FF67FF600A7E080(_t107,  &_v792);
                                                				E00007FF67FF600A9F290(_t166, _v72,  &_v792);
                                                				if (_t166 != 0) goto 0xa89831;
                                                				_v28 = 0;
                                                				E00007FF67FF600A7E460( &_v792);
                                                				goto 0xa89d18;
                                                				E00007FF67FF600A7A260(_v28);
                                                				r8d = 0x40;
                                                				E00007FF67FF600A7C440(0xb09b00,  &_v856);
                                                				E00007FF67FF600A7C8C0(_v28,  &_v744);
                                                				_t168 =  &_v88;
                                                				_v920 = _t168;
                                                				r9d = 0xf003f;
                                                				r8d = 0;
                                                				RegOpenKeyExW(??, ??, ??, ??, ??);
                                                				if (_t168 != 0) goto 0xa89cf5;
                                                				_v888 = 0;
                                                				_t169 =  &_v872;
                                                				_v896 = _t169;
                                                				_v904 = 0;
                                                				_v912 = 0xf003f;
                                                				_v920 = 0;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				RegCreateKeyExW(??, ??, ??, ??, ??, ??, ??, ??, ??);
                                                				if (_t169 != 0) goto 0xa89cb8;
                                                				_v60 = 1;
                                                				r8d = 0x40;
                                                				E00007FF67FF600A7C440(0xb09ad0,  &_v856);
                                                				E00007FF67FF600A7C8C0(_t169,  &_v216);
                                                				_v912 = 4;
                                                				_t170 =  &_v60;
                                                				_v920 = _t170;
                                                				r9d = 4;
                                                				r8d = 0;
                                                				RegSetValueExW(??, ??, ??, ??, ??, ??);
                                                				if (_t170 != 0) goto 0xa89c93;
                                                				_v60 = 0;
                                                				r8d = 0x40;
                                                				E00007FF67FF600A7C440(0xb09ad8,  &_v856);
                                                				E00007FF67FF600A7C8C0(_t170,  &_v216);
                                                				_v912 = 4;
                                                				_t171 =  &_v60;
                                                				_v920 = _t171;
                                                				r9d = 4;
                                                				r8d = 0;
                                                				RegSetValueExW(??, ??, ??, ??, ??, ??);
                                                				if (_t171 != 0) goto 0xa89c93;
                                                				_v60 = 4;
                                                				r8d = 0x40;
                                                				E00007FF67FF600A7C440(0xb09ae8,  &_v856);
                                                				E00007FF67FF600A7C8C0(_t171,  &_v216);
                                                				_v912 = 4;
                                                				_t172 =  &_v60;
                                                				_v920 = _t172;
                                                				r9d = 4;
                                                				r8d = 0;
                                                				_t124 = RegSetValueExW(??, ??, ??, ??, ??, ??);
                                                				if (_t172 != 0) goto 0xa89c93;
                                                				_v744 = 0x5c;
                                                				_v742 = 0x3f;
                                                				_v740 = 0x3f;
                                                				_v738 = 0x5c;
                                                				_v736 = 0;
                                                				_t125 = E00007FF67FF600A7F640(_t124,  &_v792);
                                                				asm("rol byte [eax], 1");
                                                				 *_t172 =  *_t172 + _t125;
                                                				E00007FF67FF600ACF3AC(_t172,  &_v792, 0x105, _t172);
                                                				r8d = 0x40;
                                                				E00007FF67FF600A7C440(0xb09af0,  &_v856);
                                                				E00007FF67FF600A7C8C0(_t172,  &_v216);
                                                				E00007FF67FF600ACF020(_t150, _t172,  &_v744, _t259);
                                                				_v912 = _t172 + _t172 + 2;
                                                				_t174 =  &_v744;
                                                				_v920 = _t174;
                                                				r9d = 1;
                                                				r8d = 0;
                                                				RegSetValueExW(??, ??, ??, ??, ??, ??);
                                                				if (_t174 != 0) goto 0xa89c93;
                                                				_v744 = 0x5c;
                                                				_v742 = 0;
                                                				r8d = 0x40;
                                                				E00007FF67FF600A7C440("\'02<&!\',\t846=<;0U",  &_v856);
                                                				_t132 = E00007FF67FF600A7C8C0(_t174,  &_v216);
                                                				asm("rol byte [eax], 1");
                                                				 *_t174 =  *_t174 + _t132;
                                                				_t133 = E00007FF67FF600ACF3AC(_t174, _t174, 0x105,  &_v216);
                                                				asm("rol byte [eax], 1");
                                                				 *_t174 =  *_t174 + _t133;
                                                				E00007FF67FF600ACF3AC(_t174, _t174, 0x105, "\\");
                                                				r8d = 0x40;
                                                				E00007FF67FF600A7C440(0xb09b00,  &_v856);
                                                				_t136 = E00007FF67FF600A7C8C0(_t174,  &_v216);
                                                				asm("rol byte [eax], 1");
                                                				 *_t174 =  *_t174 + _t136;
                                                				_t137 = E00007FF67FF600ACF3AC(_t174, _t174, 0x105,  &_v216);
                                                				asm("rol byte [eax], 1");
                                                				 *_t174 =  *_t174 + _t137;
                                                				_t138 = E00007FF67FF600ACF3AC(_t174, _t174, 0x105, "\\");
                                                				asm("rol byte [eax], 1");
                                                				 *_t174 =  *_t174 + _t138;
                                                				E00007FF67FF600ACF3AC(_t174, _t174, 0x105, _a8);
                                                				_v48 =  &_v744;
                                                				_t140 = E00007FF67FF600ACF020(_t150,  &_v744,  &_v744, _t259);
                                                				_v56 = _t140;
                                                				_t179 = (_v56 & 0x0000ffff) + 2;
                                                				_v54 = _t140;
                                                				E00007FF67FF600A7C6A0(_t151, _t152, _t179, 0xb09a98);
                                                				_v40 = _t179;
                                                				if (_v40 == 0) goto 0xa89c93;
                                                				_t142 = _v40();
                                                				_v32 = _t179;
                                                				if (_v32 < 0) goto 0xa89c4f;
                                                				_v20 = 1;
                                                				goto 0xa89c5a;
                                                				_v20 = 0;
                                                				_v80 = _t142;
                                                				_t181 = _v80 & 0x000000ff;
                                                				if (_t181 == 0) goto 0xa89c7f;
                                                				SetLastError(??);
                                                				goto 0xa89c93;
                                                				E00007FF67FF600A89750(_t151, _t181);
                                                				SetLastError(??);
                                                				GetLastError();
                                                				_v64 = _t181;
                                                				RegCloseKey(??);
                                                				SetLastError(??);
                                                				GetLastError();
                                                				_v64 = _t181;
                                                				E00007FF67FF600A89690(_v88, _a8);
                                                				RegCloseKey(??);
                                                				SetLastError(??);
                                                				_v24 = _v80 & 0x000000ff;
                                                				return E00007FF67FF600A7E460( &_v792);
                                                			}


                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$Value$Close$CreateOpen
                                                • String ID: '02<&!',846=<;0U$?$?$?$\$\
                                                • API String ID: 4143491747-3096283535
                                                • Opcode ID: bd277bec630544135a240b78deb81d52db15864e9dd30fc81c70d89e34c4d6cd
                                                • Instruction ID: 59db26305d42c9754511a45919d91472b4766bcfe0bc6469d46adf4c88c2aed8
                                                • Opcode Fuzzy Hash: bd277bec630544135a240b78deb81d52db15864e9dd30fc81c70d89e34c4d6cd
                                                • Instruction Fuzzy Hash: 01D1286261CAC1A6E730DB11E4543EAB3A5FBC5744F904036DA8E86B9EDFBDD204CB44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Local$AllocValue$Create$CloseCriticalEventFreeQuerySection$DeleteEnterErrorInitializeLastThread
                                                • String ID: DLL %03d
                                                • API String ID: 3398144033-4281766797
                                                • Opcode ID: a897917856d7bda06ce8b98a872d3eec61ce87995cb2e6dc0bada81329ac822c
                                                • Instruction ID: d1b25e0f6d9f44e47110b6314f221b3b229f13c26d68cd6e58edd244d52bb715
                                                • Opcode Fuzzy Hash: a897917856d7bda06ce8b98a872d3eec61ce87995cb2e6dc0bada81329ac822c
                                                • Instruction Fuzzy Hash: B5911E3291CE82A6E724DB14E85576AB360FB8A784F204035DA8EC7769DF7EE544CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 30%
                                                			E00007FF67FF600A79440(long long __rcx, void* __r8, void* __r9, long long _a8) {
                                                				long long _v24;
                                                				long long _v32;
                                                				char _v36;
                                                				void* _v40;
                                                				long long _v48;
                                                				long long _v56;
                                                				void* _t59;
                                                				signed char _t60;
                                                				int _t71;
                                                				void* _t79;
                                                				signed int _t83;
                                                				signed int* _t102;
                                                				long long _t124;
                                                				long long _t125;
                                                				void* _t176;
                                                
                                                				_t176 = __r9;
                                                				_t174 = __r8;
                                                				_a8 = __rcx;
                                                				if (0 == 1) goto 0xa7971b;
                                                				r8d = 4;
                                                				if ((E00007FF67FF600A79830( *((intOrPtr*)(_a8 + 0x10)), _a8 + 0x158) & 0x000000ff) != 0) goto 0xa7948e;
                                                				_t59 = E00007FF67FF600A76710(_t58, L"PipedIpcThread1: Failed reading value of message length\n", _a8 + 0x158, __r8, _t176);
                                                				goto 0xa7971b;
                                                				_t60 = E00007FF67FF600A76710(_t59, L"PipedIpcThread1: Starting a new message...\n", _a8 + 0x158, __r8, _t176);
                                                				_t102 =  *((intOrPtr*)(_a8 + 0x158));
                                                				 *_t102 =  *_t102 | _t60;
                                                				 *(_a8 + 0x150) = _t102;
                                                				if ( *(_a8 + 0x150) == 0) goto 0xa79716;
                                                				r8d = 4;
                                                				if ((E00007FF67FF600A79830( *((intOrPtr*)(_a8 + 0x10)), _a8 + 0x14c) & 0x000000ff) != 0) goto 0xa7950c;
                                                				E00007FF67FF600A76710(_t61, L"PipedIpcThread1: Failed reading value of counter\n", _a8 + 0x14c, __r8, _t176);
                                                				goto 0xa7971b;
                                                				r8d = 4;
                                                				if ((E00007FF67FF600A79830( *((intOrPtr*)(_a8 + 0x10)),  &_v40) & 0x000000ff) != 0) goto 0xa7953d;
                                                				E00007FF67FF600A76710(_t63, L"PipedIpcThread1: Failed reading value of session\n",  &_v40, __r8, _t176);
                                                				goto 0xa7971b;
                                                				r8d = 4;
                                                				if ((E00007FF67FF600A79830( *((intOrPtr*)(_a8 + 0x10)), _a8 + 0x170) & 0x000000ff) != 0) goto 0xa79577;
                                                				E00007FF67FF600A76710(_t65, L"PipedIpcThread1: Failed reading value of answer length\n", _a8 + 0x170, __r8, _t176);
                                                				goto 0xa7971b;
                                                				r8d =  *((intOrPtr*)(_a8 + 0x158));
                                                				if ((E00007FF67FF600A79830( *((intOrPtr*)(_a8 + 0x10)),  *(_a8 + 0x150)) & 0x000000ff) != 0) goto 0xa795b5;
                                                				E00007FF67FF600A76710(_t67, L"PipedIpcThread1: Failed reading message buffer\n",  *(_a8 + 0x150), _t174, _t176);
                                                				goto 0xa7971b;
                                                				_v48 = _v40;
                                                				_v56 = _a8 + 0x160;
                                                				r9d = 0;
                                                				r8d =  *((intOrPtr*)(_a8 + 0x14c));
                                                				if ((E00007FF67FF600A78280(_t83, _a8 + 0x48) & 0x000000ff) == 0) goto 0xa796f8;
                                                				E00007FF67FF600A76710(_t69, L"PipedIpcThread1: InitIpcAnswer returned True\n", _a8 + 0x48, _t174, _t176);
                                                				if ( *((long long*)(_a8 + 0x170)) == 0) goto 0xa79626;
                                                				_t71 = SetEvent(??);
                                                				_t124 = _a8;
                                                				if ( *((long long*)(_t124 + 0x30)) - 1 <= 0) goto 0xa796ec;
                                                				dil = dil + dil;
                                                				asm("adc eax, 0x8dbf3");
                                                				_v24 = _t124;
                                                				r8d = 0x188;
                                                				E00007FF67FF600AA7840();
                                                				E00007FF67FF600A76710(_t71, L"PipedIpcThread1: Creating PipedIpcThread2\n", _a8, _t174, _t176);
                                                				_t125 =  &_v36;
                                                				_v48 = _t125;
                                                				_v56 = 0;
                                                				CreateThread(??, ??, ??, ??, ??, ??);
                                                				_v32 = _t125;
                                                				if (_v32 == 0) goto 0xa796ba;
                                                				SetThreadPriority(??, ??);
                                                				CloseHandle(??);
                                                				goto 0xa796ea;
                                                				LocalFree(??);
                                                				LocalFree(??);
                                                				E00007FF67FF600A78AC0(_a8 + 0x160);
                                                				goto 0xa796f6;
                                                				_t79 = E00007FF67FF600A79730(_a8, 0, E00007FF67FF600A79800, _v24);
                                                				goto 0xa79716;
                                                				E00007FF67FF600A76710(_t79, L"** PipedIpcThread1: InitIpcAnswer returned False\n", 0, E00007FF67FF600A79800, _v24);
                                                				LocalFree(??);
                                                				goto 0xa79449;
                                                				return LocalFree(??);
                                                			}



















                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Local$AllocFileFreeRead
                                                • String ID: ** PipedIpcThread1: InitIpcAnswer returned False$PipedIpcThread1: Creating PipedIpcThread2$PipedIpcThread1: Failed reading message buffer$PipedIpcThread1: Failed reading value of answer length$PipedIpcThread1: Failed reading value of counter$PipedIpcThread1: Failed reading value of message length$PipedIpcThread1: Failed reading value of session$PipedIpcThread1: InitIpcAnswer returned True$PipedIpcThread1: Starting a new message...
                                                • API String ID: 3777291400-3069304445
                                                • Opcode ID: b214690d31e8327d8e084489c39dbd0d716accbf75224ba06ce0409316a79cfd
                                                • Instruction ID: dcc869c9963f5efa632ce33dab32a178db50f1f0f2f2a91e9cca1cd66bac905b
                                                • Opcode Fuzzy Hash: b214690d31e8327d8e084489c39dbd0d716accbf75224ba06ce0409316a79cfd
                                                • Instruction Fuzzy Hash: 0E81E036A1CB46A2EA54DB16EC5437A6361FBC5B85F604032EA4EC77AEDF2DE405C700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Local$CloseHandlelstrcat$AllocFileFreeViewlstrcpylstrlen$CurrentMutexObjectProcessReleaseSingleUnmapWait
                                                • String ID:
                                                • API String ID: 887989962-0
                                                • Opcode ID: 567d4656a4c9a7e9571f152b05e98bb724f287ac7b84b5b773468aa2544c99d0
                                                • Instruction ID: 609866145a59f9fb3b4584a340cdc90f52ddcdfccda493613a4a59b1a014d3af
                                                • Opcode Fuzzy Hash: 567d4656a4c9a7e9571f152b05e98bb724f287ac7b84b5b773468aa2544c99d0
                                                • Instruction Fuzzy Hash: F351FC32A1CA8192E7509B15E85436AB760FBC6B85F205035EA8E87BADCF3DE445CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: FileHandleProcessView$CloseCurrentDuplicateErrorLastMemoryProtectUnmapVirtualWrite
                                                • String ID: %s$%x$2
                                                • API String ID: 2273813543-1294985516
                                                • Opcode ID: 42fde8324961c4723cf8d0781716464271cb6b52b35f59efeda4f09fd97e0afa
                                                • Instruction ID: 3a1d84fe8d333a08edd9888fad2850bc1392766c1ae9314985d66aed47aa3da8
                                                • Opcode Fuzzy Hash: 42fde8324961c4723cf8d0781716464271cb6b52b35f59efeda4f09fd97e0afa
                                                • Instruction Fuzzy Hash: 36A1D73660CAC5A6E770CB05E4543AAB7A0FB89784F604036DA8D83BAEDF7DD544CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Service$ErrorLast$ConfigQuery$CloseHandleLocalOpen$AllocChangeFreeManagerStartStatus
                                                • String ID:
                                                • API String ID: 390396028-0
                                                • Opcode ID: 2824170ffd616618436d3edaf6037ad8bdfaf699a6afa2ca2daf30c16b6c738e
                                                • Instruction ID: 67dd6cf1d2db68af43e20da247cee93a174acdabb69ef45524017995077c1caf
                                                • Opcode Fuzzy Hash: 2824170ffd616618436d3edaf6037ad8bdfaf699a6afa2ca2daf30c16b6c738e
                                                • Instruction Fuzzy Hash: 82610E32A0C6C196E7608B25E84476BB7A1FB85744F244135EACD86BADDF7DE448CF10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: lstrcat$CurrentProcesslstrcpy
                                                • String ID: $%016I64x$$%08x
                                                • API String ID: 996593458-1740193728
                                                • Opcode ID: 3fdf77f3bc787757b86ccc4e9af91b2892e2dc61604a0609b0c505aa1c00cccc
                                                • Instruction ID: 1c748a29f4ce60f86d056880689084b6965f6c95db84697556d7cfd4d494b63d
                                                • Opcode Fuzzy Hash: 3fdf77f3bc787757b86ccc4e9af91b2892e2dc61604a0609b0c505aa1c00cccc
                                                • Instruction Fuzzy Hash: BD311661B1C982A1EA30DB15E9542A9A370FBC5784F50D035D98FC776DDF2DD14ACB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 26%
                                                			E00007FF67FF600A98760(void* __edi, void* __esi, void* __esp, long long __rcx, long long __rdx, long long _a8, void* _a16) {
                                                				void* _v16;
                                                				char _v32;
                                                				void* _v40;
                                                				void* _v52;
                                                				long long _v80;
                                                				void* _v88;
                                                				void* _v1096;
                                                				void* _v1296;
                                                				long long _v1344;
                                                				char _v1352;
                                                				void* _v1356;
                                                				char _v1360;
                                                				void* _v1368;
                                                				void* _v1372;
                                                				char _v1376;
                                                				signed int _v1384;
                                                				signed long long _v1392;
                                                				void* _v1396;
                                                				void* _v1400;
                                                				void* _v1408;
                                                				void* _v1416;
                                                				void* _v1424;
                                                				intOrPtr _v2384;
                                                				long long _v2584;
                                                				void* _v2632;
                                                				long long _v2648;
                                                				long long _v2652;
                                                				signed int _v2656;
                                                				char _v2664;
                                                				long long _v2668;
                                                				char _v2672;
                                                				char _v2680;
                                                				char _v2688;
                                                				long long _v2692;
                                                				char _v2696;
                                                				char _v2704;
                                                				char _v2712;
                                                				intOrPtr _v2920;
                                                				char _v2968;
                                                				long long _v2984;
                                                				char _v2992;
                                                				char _v3000;
                                                				void* _v3008;
                                                				void* _v3016;
                                                				long long _v3024;
                                                				long long _v3032;
                                                				void* _v3036;
                                                				void* _v3040;
                                                				long long _v3048;
                                                				long _t186;
                                                				char _t191;
                                                				long long _t222;
                                                				intOrPtr _t230;
                                                				intOrPtr _t232;
                                                				intOrPtr* _t239;
                                                				intOrPtr* _t248;
                                                				signed long long _t274;
                                                
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				_v3008 = 0;
                                                				_v3016 = 0;
                                                				_v3032 =  *_a16;
                                                				_v3024 = _v3032;
                                                				if ( *((intOrPtr*)( *((intOrPtr*)(_v3024 + 0x10)))) !=  *((intOrPtr*)(_v3024 + 0x1e))) goto 0xa987d2;
                                                				if (( *( *((intOrPtr*)(_v3024 + 0x10)) + 4) & 0x0000ffff) == ( *(_v3024 + 0x22) & 0x0000ffff)) goto 0xa98da2;
                                                				_t222 =  *((intOrPtr*)(_v3024 + 0x10));
                                                				_v3016 = _t222;
                                                				r8d = 0x40;
                                                				asm("dec eax");
                                                				asm("adc eax, 0x6eac1");
                                                				if (_t222 == 0) goto 0xa98da2;
                                                				E00007FF67FF600A90770( &_v2968,  *((intOrPtr*)(_v3024 + 0x10)));
                                                				_v2992 = 0;
                                                				if (( *(_a8 + 0x70) & 0x000000ff) == 0) goto 0xa98891;
                                                				if (_v2920 - _v2968 - 6 >= 0) goto 0xa98891;
                                                				_v3048 =  *((intOrPtr*)(_a8 + 0x88));
                                                				_t230 = _v3024;
                                                				E00007FF67FF600A984B0(_t191, _v2920 - _v2968 - 6, _a8,  &_v3008,  &_v2992,  *((intOrPtr*)(_t230 + 0x10)));
                                                				if (_t230 == 0) goto 0xa98891;
                                                				_v32 = 1;
                                                				goto 0xa9889c;
                                                				_v32 = 0;
                                                				_v2984 = _v32;
                                                				if (_v2984 == 0) goto 0xa98abc;
                                                				_v2712 = 0xf4;
                                                				r8d = 1;
                                                				_t232 = _v3024;
                                                				E00007FF67FF600A99C70( &_v2712,  *((intOrPtr*)(_t232 + 0x10)));
                                                				if (_t232 != 0) goto 0xa988ed;
                                                				 *((char*)( *((intOrPtr*)(_v3024 + 0x10)))) = _t191;
                                                				GetCurrentProcess();
                                                				r8d = 1;
                                                				FlushInstructionCache(??, ??, ??);
                                                				_v2680 = 0;
                                                				_v2672 = 0;
                                                				_v2668 = 0;
                                                				_v2664 = 0;
                                                				_v2704 = 0;
                                                				_v2696 = 0;
                                                				_v2692 = 0;
                                                				_v2688 = 0;
                                                				if ((E00007FF67FF600A74CE0(1, __edi, __esi, __esp,  *((intOrPtr*)(_v3024 + 0x10)),  &_v2680,  &_v2704) & 0x000000ff) == 0) goto 0xa98aa2;
                                                				_v2656 = 0;
                                                				_v2656 = _v2656 + 1;
                                                				_v88 = _v2696;
                                                				_t239 = _v88;
                                                				if (_v2656 - _t239 >= 0) goto 0xa98aa2;
                                                				_t186 = GetTickCount();
                                                				_v2652 = _t239;
                                                				 *0xFE1E58E801B02499 =  *((long long*)(0xfe1e58e801b02499)) - 1;
                                                				 *_t239 =  *_t239 + _t186;
                                                				if (_v2648 == 0) goto 0xa98a03;
                                                				GetTickCount();
                                                				if (_t239 - _v2652 - _v2648 >= 0) goto 0xa98a83;
                                                				_v2584 = 0x100001;
                                                				_v80 = _v2704 + _v2656 * 8;
                                                				GetThreadContext(??, ??);
                                                				if (_v80 == 0) goto 0xa98a71;
                                                				if (_v2384 -  *((intOrPtr*)(_v3024 + 0x10)) <= 0) goto 0xa98a71;
                                                				_t248 =  *((intOrPtr*)(_v3024 + 0x10)) + 5;
                                                				if (_v2384 - _t248 < 0) goto 0xa98a73;
                                                				goto 0xa98a83;
                                                				asm("push es");
                                                				asm("invalid");
                                                				 *((long long*)(_t248 + 0x63)) =  *((long long*)(_t248 + 0x63)) - 1;
                                                				 *_t248 =  *_t248 + _t248;
                                                				 *((intOrPtr*)(_t248 - 0x75)) =  *((intOrPtr*)(_t248 - 0x75)) + 1;
                                                				 *((intOrPtr*)(_t248 + _t274 * 2)) = fs;
                                                				 *_t248 =  *_t248 + _t248;
                                                				 *((intOrPtr*)(_t248 - 0x75)) =  *((intOrPtr*)(_t248 - 0x75)) + 1;
                                                				CloseHandle(??);
                                                				goto L1;
                                                				__rcx =  &_v2696;
                                                				__eax = E00007FF67FF600A758C0( &_v2696);
                                                				__rcx =  &_v2672;
                                                				__eax = E00007FF67FF600A75730( &_v2672);
                                                				_v3016 = _v3016 + 0x1e;
                                                				r8d = 6;
                                                				__rcx = _v3016;
                                                				__rdx =  *((intOrPtr*)(_v3016 + 0x10));
                                                				__rcx = _v3016 + 0x1e;
                                                				__eax = E00007FF67FF600A99C70(_v3016 + 0x1e,  *((intOrPtr*)(_v3016 + 0x10)));
                                                				__eflags = __rax;
                                                				if (__rax != 0) goto 0xa98b19;
                                                				__rax =  &_v32;
                                                				_v3016 = 0x6;
                                                				__al = __al & 0x00000038;
                                                				__rax =  *((intOrPtr*)( &_v32 + 0x10));
                                                				 &_v32 = 0x6;
                                                				asm("invalid");
                                                				asm("push es");
                                                				 *0x15FFA4F2FFFFFFBE =  *((intOrPtr*)(0x15ffa4f2ffffffbe)) + __al;
                                                				asm("push es");
                                                				 *__rax =  *__rax + __al;
                                                				 *((intOrPtr*)(__rax - 0x75)) =  *((intOrPtr*)(__rax - 0x75)) + __cl;
                                                				__al = __al & 0x00000038;
                                                				__rdx =  *((intOrPtr*)(0x15ffa4f300000016));
                                                				__rcx = __rax;
                                                				__eax = FlushInstructionCache(??, ??, ??);
                                                				__eflags =  *((long long*)(__rsp + 0x60));
                                                				if ( *((long long*)(__rsp + 0x60)) == 0) goto 0xa98d5c;
                                                				__rdx = 0;
                                                				__rcx = 0xb0d060;
                                                				__eax = E00007FF67FF600A7C6A0(__ecx, __edx, __rax, 0xb0d060);
                                                				_v1392 = __rax;
                                                				_v1392 =  *(_v1392 + 0xa);
                                                				__rcx = _v1392;
                                                				__rax = _v1392 +  *(_v1392 + 0xa) + 0xe;
                                                				_v1384 = __rax;
                                                				_v1352 = 0;
                                                				_v1344 = 0;
                                                				 *((long long*)(__rsp + 0x6c4)) = 0;
                                                				 *((char*)(__rsp + 0x6c8)) = 0;
                                                				_v1376 = 0;
                                                				_v1368 = 0;
                                                				 *((long long*)(__rsp + 0x6ac)) = 0;
                                                				_v1360 = 0;
                                                				__r8 =  &_v1376;
                                                				__rdx =  &_v1352;
                                                				__cl = 1;
                                                				__eax = E00007FF67FF600A74CE0(__ecx, __edi, __esi, __esp, __rax,  &_v1352,  &_v1376);
                                                				__rax = __al & 0x000000ff;
                                                				__eflags = __al & 0x000000ff;
                                                				if ((__al & 0x000000ff) == 0) goto 0xa98d42;
                                                				 *(__rsp + 0x6d0) = 0;
                                                				 *(__rsp + 0x6d0) =  *(__rsp + 0x6d0) + 1;
                                                				 *(__rsp + 0x6d0) =  *(__rsp + 0x6d0) + 1;
                                                				__rax = _v1368;
                                                				 *((long long*)(__rsp + 0xbc8)) = _v1368;
                                                				__rax =  *((intOrPtr*)(__rsp + 0xbc8));
                                                				__eflags =  *(__rsp + 0x6d0) - __rax;
                                                				if ( *(__rsp + 0x6d0) - __rax >= 0) goto 0xa98d42;
                                                				__eax = GetTickCount();
                                                				 *(__rsp + 0x6d4) = __rax;
                                                				__rcx = 0x15;
                                                				 *0xFE1BEBE806D82499 =  *((long long*)(0xfe1bebe806d82499)) - 1;
                                                				 *__rax =  *__rax + __al;
                                                				__eflags =  *((long long*)(__rsp + 0x6d8));
                                                				if ( *((long long*)(__rsp + 0x6d8)) == 0) goto 0xa98c70;
                                                				__eax = GetTickCount();
                                                				__rax = __rax -  *(__rsp + 0x6d4);
                                                				__eflags = __rax -  *((intOrPtr*)(__rsp + 0x6d8));
                                                				if (__rax -  *((intOrPtr*)(__rsp + 0x6d8)) >= 0) goto 0xa98d23;
                                                				 *((long long*)(__rsp + 0x710)) = 0x100001;
                                                				__rax =  *(__rsp + 0x6d0);
                                                				__rcx = _v1376;
                                                				__rax = _v1376 +  *(__rsp + 0x6d0) * 8;
                                                				 *((long long*)(__rsp + 0xbd0)) = _v1376 +  *(__rsp + 0x6d0) * 8;
                                                				__rdx = __rsp + 0x6e0;
                                                				__rax =  *((intOrPtr*)(__rsp + 0xbd0));
                                                				__rcx =  *__rax;
                                                				__eax = GetThreadContext(??, ??);
                                                				__eflags = __rax;
                                                				if (__rax == 0) goto 0xa98d11;
                                                				__rax = _v3016;
                                                				__rax =  *((intOrPtr*)(_v3016 + 0x10));
                                                				__eflags =  *(__rsp + 0x7d8) - __rax;
                                                				if ( *(__rsp + 0x7d8) == __rax) goto 0xa98d13;
                                                				__rax = _v1392;
                                                				__eflags =  *(__rsp + 0x7d8) - _v1392;
                                                				if ( *(__rsp + 0x7d8) - _v1392 < 0) goto 0xa98cef;
                                                				_v1392 = _v1392 + 0xa;
                                                				__eflags =  *(__rsp + 0x7d8) - _v1392 + 0xa;
                                                				if ( *(__rsp + 0x7d8) - _v1392 + 0xa <= 0) goto 0xa98d13;
                                                				 *(__rsp + 0x7d8) =  *(__rsp + 0x7d8) & 0xffff0000;
                                                				_v1384 = _v1384 & 0xffff0000;
                                                				__eflags = ( *(__rsp + 0x7d8) & 0xffff0000) - (_v1384 & 0xffff0000);
                                                				if (( *(__rsp + 0x7d8) & 0xffff0000) == (_v1384 & 0xffff0000)) goto 0xa98d13;
                                                				goto 0xa98d23;
                                                				__rcx = 0xa;
                                                				asm("push es");
                                                				__cl = 1 + bpl;
                                                				asm("invalid");
                                                				__rax =  *(__rsp + 0x6d0);
                                                				_v1376 =  *((intOrPtr*)(_v1376 +  *(__rsp + 0x6d0) * 8));
                                                				__eax = CloseHandle(??);
                                                				goto L2;
                                                				__rcx =  &_v1376;
                                                				__eax = E00007FF67FF600A758C0( &_v1376);
                                                				__rcx =  &_v1352;
                                                				__eax = E00007FF67FF600A75730( &_v1352);
                                                				__r9 =  &_v2992;
                                                				r8d = _v2992;
                                                				__rdx = 0x8;
                                                				__eflags =  *((intOrPtr*)(__rax - 0x75)) - 1 + bpl;
                                                				asm("dec eax");
                                                				asm("adc eax, 0x6e546");
                                                				__eflags =  *((long long*)(__rsp + 0x60));
                                                				if ( *((long long*)(__rsp + 0x60)) == 0) goto 0xa98d98;
                                                				__r8 = _v2984;
                                                				__rdx =  &_v3000;
                                                				__rcx = _a16;
                                                				__eax = E00007FF67FF600A98690(__rax, _a16,  &_v3000, _v2984);
                                                				__rcx = __rsp + 0x70;
                                                				__eax = E00007FF67FF600A90A60(__rsp + 0x70);
                                                				__rax = _v3008;
                                                				__rsp = __rsp + 0xbf8;
                                                				return __eax;
                                                			}





























































                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CountTick$CacheCurrentFlushInstructionProcessProtectVirtual
                                                • String ID:
                                                • API String ID: 177942070-0
                                                • Opcode ID: 697a805dbdf06d0ce08151b3912b1b2caf82d492392ff1d795ba06f8d6f9aa68
                                                • Instruction ID: ae39f068e7ad164775338166e7a44697a79a586f56ac5ad4e490982a39519dde
                                                • Opcode Fuzzy Hash: 697a805dbdf06d0ce08151b3912b1b2caf82d492392ff1d795ba06f8d6f9aa68
                                                • Instruction Fuzzy Hash: C0F11C36A0DBC595EB608B15E4543AAB7A1FBC5784F600036DA8E87BA9DF7ED444CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: MemoryProcess$Write$ProtectVirtual$Read
                                                • String ID: AP$AQ$P$Q$R
                                                • API String ID: 4096692964-3897567023
                                                • Opcode ID: 879bc8d823fd1ee7d2b15940d2b28df8d3add7d6bb4a53eb788398c71e4bdd51
                                                • Instruction ID: 7c9b4d33905ee059ed2c5693b7e505be0edc0ad7fa4bbe4befe7786728ec1d73
                                                • Opcode Fuzzy Hash: 879bc8d823fd1ee7d2b15940d2b28df8d3add7d6bb4a53eb788398c71e4bdd51
                                                • Instruction Fuzzy Hash: E6B1092661DF81A6E7609B15F8543AAB3A4FB85740F601135EA8E83BAEDF3DD144CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 16%
                                                			E00007FF67FF600A74410(void* __ecx, void* __edi, void* __esi, void* __esp, void* __rax, long long __rcx, long long __rdx, void* __r8, long long __r9, long long _a8, long long _a16, void* _a20, void* _a24, void* _a28, long long _a32, void* _a36, long long _a40, void* _a44, signed int _a48, long long* _a56, signed char _a64) {
                                                				void* _v4;
                                                				void* _v52;
                                                				void* _v60;
                                                				void* _v68;
                                                				void* _v76;
                                                				void* _v84;
                                                				void* _v93;
                                                				void* _v98;
                                                				void* _v103;
                                                				void* _v112;
                                                				void* _v119;
                                                				void* _v120;
                                                				void* _v124;
                                                				void* _v132;
                                                				long long _v1200;
                                                				long long _v1216;
                                                				long long _v1224;
                                                				long long _v1304;
                                                				void* _v1352;
                                                				long long _v1360;
                                                				char _v1368;
                                                				long long _v1376;
                                                				long long _v1384;
                                                				char _v1392;
                                                				char _v1400;
                                                				void* _v1404;
                                                				long long _v1408;
                                                				void* _v1412;
                                                				signed long long _v1416;
                                                				void* _v1420;
                                                				char _v1424;
                                                				void* _v1428;
                                                				void* _v1436;
                                                				char _v1448;
                                                				void* _v1452;
                                                				long long _v1456;
                                                				long long _v1464;
                                                				void* _v1468;
                                                				long long _v1472;
                                                				void* _v1476;
                                                				long long _v1480;
                                                				void* _v1484;
                                                				long long _v1488;
                                                				void* _v1492;
                                                				long long _v1496;
                                                				void* _v1500;
                                                				void* _v1508;
                                                				void* _t157;
                                                				signed char _t175;
                                                				void* _t186;
                                                				void* _t187;
                                                				void* _t213;
                                                				signed long long _t216;
                                                				long long _t222;
                                                				long long _t228;
                                                				long long _t232;
                                                				long long _t241;
                                                				long long* _t242;
                                                				intOrPtr* _t243;
                                                				long long _t247;
                                                				long long _t248;
                                                				void* _t255;
                                                
                                                				_t213 = __rax;
                                                				_t186 = __ecx;
                                                				_a32 = __r9;
                                                				_a24 = r8d;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				_v1424 = 0;
                                                				r8d = 0x18;
                                                				E00007FF67FF600AA7EF0(_t157, _t187,  &_v1448, 0, __r8);
                                                				if (_a16 != 0) goto 0xa7446e;
                                                				E00007FF67FF600A73A80(_t213,  &_v1448);
                                                				if (_t213 == 0) goto 0xa7446e;
                                                				_a16 =  &_v1448;
                                                				E00007FF67FF600A73C80( &_v1448);
                                                				_v1480 = _a56;
                                                				_v1488 = _a48;
                                                				_v1496 = _a40;
                                                				CreateRemoteThread(??, ??, ??, ??, ??, ??, ??);
                                                				_v1424 = _a24;
                                                				if (_v1424 != 0) goto 0xa7498b;
                                                				_t216 = _a64 & 0x000000ff;
                                                				if (_t216 != 0) goto 0xa7498b;
                                                				E00007FF67FF600A7C6A0(_t186, _t187, _t216, 0xb07fb8);
                                                				_v1416 = _t216;
                                                				if (_v1416 == 0) goto 0xa7498b;
                                                				_v1408 = 0;
                                                				if (_a16 == 0) goto 0xa74525;
                                                				_v1408 =  *((intOrPtr*)(_a16 + 8));
                                                				_v1400 = 0;
                                                				_v1392 = 0;
                                                				if (_a24 == 0) goto 0xa74577;
                                                				if ((_a48 & 0x00010000) == 0) goto 0xa74568;
                                                				_v1400 = _a24;
                                                				goto 0xa74577;
                                                				_t222 = _a24;
                                                				_v1392 = _t222;
                                                				E00007FF67FF600A75470(_t187, _t222, _a8);
                                                				if (_t222 == 0) goto 0xa747a6;
                                                				E00007FF67FF600A7C5E0(_t186, _t187, _t222, 0xb081e0, 0, _a24);
                                                				_v1384 = _t222;
                                                				if (_v1384 == 0) goto 0xa7471d;
                                                				_v1456 =  &_v1368;
                                                				_v1464 =  &_v1424;
                                                				_v1472 = _a40;
                                                				_v1480 = _v1384;
                                                				_v1488 =  &_v1392;
                                                				_t228 =  &_v1400;
                                                				_v1496 = _t228;
                                                				r9d = 0;
                                                				r8d = 1;
                                                				_v1416();
                                                				_v1376 = _t228;
                                                				if (_v1376 < 0) goto 0xa74718;
                                                				_v1304 = 0x100003;
                                                				GetThreadContext(??, ??);
                                                				if (_t228 == 0) goto 0xa746e0;
                                                				_v1200 = _v1200 - 0x30;
                                                				_v1224 = _a32;
                                                				_t232 = _a40;
                                                				_v1216 = _t232;
                                                				SetThreadContext(??, ??);
                                                				if (_t232 == 0) goto 0xa746b7;
                                                				if ((_a48 & 0x00000004) != 0) goto 0xa746b5;
                                                				ResumeThread(??);
                                                				goto 0xa746de;
                                                				GetLastError();
                                                				TerminateThread(??, ??);
                                                				CloseHandle(??);
                                                				_v1424 = 0;
                                                				goto 0xa74707;
                                                				GetLastError();
                                                				TerminateThread(??, ??);
                                                				CloseHandle(??);
                                                				_v1424 = 0;
                                                				 *_a56 = _v1360;
                                                				goto 0xa747a1;
                                                				_v1456 =  &_v1368;
                                                				_v1464 =  &_v1424;
                                                				_v1472 = _a40;
                                                				_v1480 = _a32;
                                                				_v1488 =  &_v1392;
                                                				_t241 =  &_v1400;
                                                				_v1496 = _t241;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				_t175 = _v1416();
                                                				_v1376 = _t241;
                                                				if (_v1376 < 0) goto 0xa747a1;
                                                				_t242 = _a56;
                                                				 *_t242 = _v1360;
                                                				goto 0xa7498b;
                                                				 *((intOrPtr*)(_t255 + 0x182039ffffffff0)) =  *((intOrPtr*)(_t255 + 0x182039ffffffff0)) + _t186;
                                                				 *((long long*)(_t242 - 0x77)) =  *((long long*)(_t242 - 0x77)) - 1;
                                                				_t243 = _t242 + 0x83480000;
                                                				 *_t243 = _t243;
                                                				 *_t243 =  *_t243 + _t175;
                                                				asm("push es");
                                                				 *((intOrPtr*)(0x840f0000000585ac)) =  *((intOrPtr*)(0x840f0000000585ac)) + (_t175 & 0x00000018);
                                                				 *0x840F0000000585B1 = 0x840f0000000585ac;
                                                				 *0x840F0000000585C1 =  *0x840F0000000585A4;
                                                				if ((E00007FF67FF600A71BF0(_t187,  *0x840F0000000585A4,  *0x840F000000058624) & 0x000000ff) == 0) goto 0xa74844;
                                                				_t247 =  *0xb34b60; // 0x0
                                                				 *0x840F0000000585C6 = _t247;
                                                				_t248 =  *0xb34af8; // 0x0
                                                				 *0x840F0000000585CB = _t248;
                                                				goto 0xa74865;
                                                				E00007FF67FF600A71330(_t248,  *((intOrPtr*)(0x840f0000000585a4)),  *((intOrPtr*)(0x840f000000058624)));
                                                				 *((long long*)(0x840f0000000585a4)) = 0;
                                                				if ( *((long long*)(0x840f0000000585a4)) == 0) goto 0xa7498b;
                                                				 *0x840F000000058044 = 0x840f0000000585d4;
                                                				r9d = 0x25;
                                                				WriteProcessMemory(??, ??, ??, ??, ??);
                                                				if (0x840f0000000585d4 == 0) goto 0xa74985;
                                                				 *0x840F00000005806C = 0x840f0000000585e4;
                                                				 *0x840F000000058064 = 0x840f00000005808c;
                                                				 *0x840F00000005805C =  *((intOrPtr*)(0x840f000000058644));
                                                				 *0x840F000000058054 =  *((intOrPtr*)(0x840f0000000585a4));
                                                				 *0x840F00000005804C = 0x840f0000000580ac;
                                                				 *((long long*)(0x840f000000058044)) = 0x840f0000000580a4;
                                                				r9d = 0;
                                                				 *0x840F000000058094();
                                                				 *0x840F0000000585DC =  *0x840F00000005864C & 0x00000004;
                                                				if ( *0x840F0000000585DC < 0) goto 0xa7496e;
                                                				 *((long long*)( *0x840F000000058654)) =  *((intOrPtr*)(0x840f0000000585ec));
                                                				 *((long long*)(0x840f000000058044)) = 0x840f0000000585f4;
                                                				r9d = 0x20;
                                                				r8d = 0x25;
                                                				VirtualProtectEx(??, ??, ??, ??, ??);
                                                				goto 0xa74983;
                                                				E00007FF67FF600A71330(0x840f0000000585f4,  *((intOrPtr*)(0x840f0000000585a4)),  *((intOrPtr*)(0x840f000000058624)));
                                                				goto 0xa7498b;
                                                				GetLastError();
                                                				if ( *0x840F00000005807C == 0) goto 0xa749a9;
                                                				GetProcessHeap();
                                                				return HeapFree(??, ??, ??);
                                                			}

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Thread$Process$CurrentHandleHeap$CloseErrorLast$ContextFreeKernelObjectSecurityTerminateVirtual$AllocCreateDuplicateMemoryProtectRemoteResumeWrite
                                                • String ID:
                                                • API String ID: 1209703307-0
                                                • Opcode ID: c98a1ac0f155a5639ae4ebb7042f4c1bc0e11937e51d3bfd92c4388b7ffd5205
                                                • Instruction ID: 631068af07fa65d5a34854b036916a91f8a245a9c642ccd34ed9a2e9e5a8edae
                                                • Opcode Fuzzy Hash: c98a1ac0f155a5639ae4ebb7042f4c1bc0e11937e51d3bfd92c4388b7ffd5205
                                                • Instruction Fuzzy Hash: 1BE1813660CB8196E7708B15E8843ABB7A5F7C9780F604135EA8D82BADDF3DD554CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLastLocal$AllocCloseControlCreateCurrentDeviceFileFreeHandleThread
                                                • String ID: .$\$\$\
                                                • API String ID: 123711519-3136547729
                                                • Opcode ID: fa41085e24ba1d101d448f883a6e8b2790b55967fa83e7f25bc38bf2f9353174
                                                • Instruction ID: 859d07ef03c14f183ea1c79a5f60261b30f62234acf174c7c284239e78e004e2
                                                • Opcode Fuzzy Hash: fa41085e24ba1d101d448f883a6e8b2790b55967fa83e7f25bc38bf2f9353174
                                                • Instruction Fuzzy Hash: 6C81E33264CAC286D7748B19E4507AEB7A0F789784F10813ADBDE87B9ADF7CD0449B40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 21%
                                                			E00007FF67FF600A78D00(long long __rax) {
                                                				void* _v16;
                                                				long long _v24;
                                                				long long _v32;
                                                				long long _v40;
                                                				long long _v48;
                                                				long long _v56;
                                                				long long _v64;
                                                				long long _v72;
                                                				long long _v80;
                                                				char _v120;
                                                				char _v136;
                                                				char _v144;
                                                				char _v160;
                                                				char _v200;
                                                				long long _v208;
                                                				long long _v216;
                                                				void* _t44;
                                                				void* _t53;
                                                				void* _t69;
                                                				long long _t79;
                                                				intOrPtr* _t80;
                                                				long long* _t81;
                                                				intOrPtr _t106;
                                                
                                                				_t79 = __rax;
                                                				if ( *0xb34c10 != 0) goto 0xa78f7d;
                                                				E00007FF67FF600A7E080(E00007FF67FF600A7E080(_t44,  &_v200),  &_v120);
                                                				r8d = 8;
                                                				E00007FF67FF600A7C440(0xb08454,  &_v144);
                                                				_v56 = _t79;
                                                				GetCurrentProcessId();
                                                				_v48 = _t79;
                                                				r8d = 0x10;
                                                				E00007FF67FF600A7C440(0xb0847c,  &_v160);
                                                				_v40 = _t79;
                                                				r8d = 0x10;
                                                				E00007FF67FF600A7C440(0xb08464,  &_v136);
                                                				_v208 = _v56;
                                                				_v216 = _v48;
                                                				E00007FF67FF600A7F640(E00007FF67FF600A7F490( &_v200, L"%S%S$%x%S", _t79, _v40),  &_v200);
                                                				_t53 = CreateMutexW(??, ??, ??);
                                                				_v80 = _t79;
                                                				if (_v80 == 0) goto 0xa78f66;
                                                				 *_t79 =  *_t79 + _t53;
                                                				WaitForSingleObject(??, ??);
                                                				GetCurrentProcessId();
                                                				_v32 = _t79;
                                                				r8d = 0x10;
                                                				E00007FF67FF600A7C440(0xb0847c,  &_v160);
                                                				_v24 = _t79;
                                                				r8d = 0x10;
                                                				E00007FF67FF600A7C440(0xb08464,  &_v136);
                                                				_v216 = _v32;
                                                				E00007FF67FF600A7F640(E00007FF67FF600A7F490( &_v120, L"%S%S$%x", _t79, _v24),  &_v120);
                                                				_v208 = _t79;
                                                				_v216 = 4;
                                                				r9d = 0;
                                                				r8d = 4;
                                                				CreateFileMappingW(??, ??, ??, ??, ??, ??);
                                                				_v72 = _t79;
                                                				if (_v72 == 0) goto 0xa78f4a;
                                                				GetLastError();
                                                				if (_t79 == 0xb7) goto 0xa78ed9;
                                                				_v16 = 1;
                                                				goto 0xa78ee4;
                                                				_v16 = 0;
                                                				_t80 = _v16;
                                                				_v64 = _t80;
                                                				_v216 = 0;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				 *_t80 =  *_t80;
                                                				MapViewOfFile(??, ??, ??, ??, ??);
                                                				 *0xb34c10 = _t80;
                                                				if (_v64 == 0) goto 0xa78f3c;
                                                				if ( *0xb34c10 == 0) goto 0xa78f3c;
                                                				_t81 =  *0xb34c10; // 0x0
                                                				 *_t81 = 0;
                                                				CloseHandle(??);
                                                				ReleaseMutex(??);
                                                				CloseHandle(??);
                                                				E00007FF67FF600A7E460( &_v120);
                                                				E00007FF67FF600A7E460( &_v200);
                                                				if ( *0xb34c10 == 0) goto 0xa78f97;
                                                				_t106 =  *0xb34c10; // 0x0
                                                				_t69 = E00007FF67FF600A78FB0(_t106);
                                                				goto 0xa78f99;
                                                				return _t69;
                                                			}

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CloseCreateCurrentFileHandleMutexProcess$ErrorLastMappingObjectReleaseSingleViewWait
                                                • String ID: %S%S$%x$%S%S$%x%S
                                                • API String ID: 943965849-81248443
                                                • Opcode ID: 0ede29913c7a330ffbd4a6e0d49065040517dcce759c9a94b1efc4323a3615ae
                                                • Instruction ID: e554480472628e2b8f215b4c06c101b5acd71ed44c8b9a55c362f5b028a86eb3
                                                • Opcode Fuzzy Hash: 0ede29913c7a330ffbd4a6e0d49065040517dcce759c9a94b1efc4323a3615ae
                                                • Instruction Fuzzy Hash: 96613E32A1CA82A5E770DB15F8543AA7360FB85754F608135D68EC2BADDF3DE148CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Current$Process$Handle$DuplicateThread$Close
                                                • String ID: @
                                                • API String ID: 1263286100-2766056989
                                                • Opcode ID: 30c70810ab2771b39a83d5d19b55df50bc08304216502c07a17adf40d22bd873
                                                • Instruction ID: 55e66d15817c27ca4974fcacdc9e866547018d8f04a60ca81e2464dea01f96d2
                                                • Opcode Fuzzy Hash: 30c70810ab2771b39a83d5d19b55df50bc08304216502c07a17adf40d22bd873
                                                • Instruction Fuzzy Hash: B351D93291CA8196E7709B65F8543AAB7B0FBC6744F604135E68E82BADDF3DD448CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Process$CloseHandleOpenToken$AddressAllocateCurrentFreeInformationInitializeLibraryLoadProcVersion
                                                • String ID: CheckTokenMembership$advapi32.dll
                                                • API String ID: 810624035-1888249752
                                                • Opcode ID: 6d44d32ac374bb320689ddacc85dd1bddcdd770a0e32b7dc01a3753a63ad3dd4
                                                • Instruction ID: cc2671e4cbd99765e4c788807fd149847c0ac1f7759195f327e0892501d9e9bb
                                                • Opcode Fuzzy Hash: 6d44d32ac374bb320689ddacc85dd1bddcdd770a0e32b7dc01a3753a63ad3dd4
                                                • Instruction Fuzzy Hash: 6A510D33A0C7819AE7608B15E4583ABB7A0FB81744F644139D68D86BADDF7DE148CF41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 37%
                                                			E00007FF67FF600A984B0(void* __ecx, void* __eflags, long long __rcx, long long __rdx, signed long long* __r8, long long __r9, long long _a8, void* _a16, signed long long* _a24, long long _a32, signed long long _a40) {
                                                				long long _v20;
                                                				long long _v24;
                                                				char _v44;
                                                				char _v45;
                                                				char _v46;
                                                				char _v47;
                                                				char _v48;
                                                				char _v49;
                                                				char _v56;
                                                				long long _v64;
                                                				char _v104;
                                                				void* _t40;
                                                				void* _t52;
                                                				void* _t53;
                                                				long long _t60;
                                                				intOrPtr* _t61;
                                                				signed long long _t63;
                                                
                                                				_t52 = __ecx;
                                                				_a32 = __r9;
                                                				_a24 = __r8;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				_v64 = 0;
                                                				_t60 = _a24;
                                                				 *_t60 = 0;
                                                				E00007FF67FF600A7C5E0(__ecx, _t53, _t60, 0xb0d080, 0, __r8);
                                                				 *0xb35140 = _t60;
                                                				_t40 = E00007FF67FF600A7C5E0(__ecx, _t53, _t60, 0xb0d0a0, 0, __r8);
                                                				 *0xb35148 = _t60;
                                                				E00007FF67FF600A7E080(_t40,  &_v104);
                                                				r8d = 0x20;
                                                				E00007FF67FF600A7C440(0xb0d0cc,  &_v56);
                                                				lstrcatA(??, ??);
                                                				_v49 = 0x72;
                                                				_v48 = 0x64;
                                                				_v47 = 0x65;
                                                				_v46 = 0x63;
                                                				_v45 = 0x20;
                                                				_v44 = 0;
                                                				r9d = GetCurrentProcessId();
                                                				E00007FF67FF600A7F640(E00007FF67FF600A7F490( &_v104, L"%S$%x",  &_v56, __r9),  &_v104);
                                                				CreateMutexW(??, ??, ??);
                                                				 *_a16 = _t60;
                                                				_t61 = _a16;
                                                				if ( *_t61 == 0) goto 0xa98668;
                                                				 *_t61 =  *_t61 + _t61;
                                                				 *((intOrPtr*)(_t61 - 0x75)) =  *((intOrPtr*)(_t61 - 0x75)) + _t52;
                                                				dil = dil;
                                                				asm("adc eax, 0x6ec02");
                                                				 *0xb35128 = _a32;
                                                				_t63 = _a40;
                                                				 *0xb35130 = _t63;
                                                				if ( *0xb35140 == 0) goto 0xa985f8;
                                                				if ( *0xb35148 != 0) goto 0xa985fa;
                                                				goto 0xa9863f;
                                                				 *_t63 =  *_t63 | _t63;
                                                				 *_a24 = _t63;
                                                				if ( *_a24 == 0) goto 0xa9862f;
                                                				_v20 = 1;
                                                				goto 0xa98637;
                                                				_v20 = 0;
                                                				_v64 = _v20;
                                                				if (_v64 != 0) goto 0xa98668;
                                                				ReleaseMutex(??);
                                                				CloseHandle(??);
                                                				_v24 = _v64;
                                                				return E00007FF67FF600A7E460( &_v104);
                                                			}





















                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Mutex$CloseCreateCurrentHandleObjectProcessReleaseSingleWaitlstrcat
                                                • String ID: $%S$%x$c$d$e$r
                                                • API String ID: 2488341909-2741142465
                                                • Opcode ID: 00312b4c163ee922e052d59ff8572c92069399d0d55f77a9233fea885c6494a9
                                                • Instruction ID: 78184dc3b6690bd84c39fb904ec58b637a2163fc592d96367ae9617ab2709d0c
                                                • Opcode Fuzzy Hash: 00312b4c163ee922e052d59ff8572c92069399d0d55f77a9233fea885c6494a9
                                                • Instruction Fuzzy Hash: DE513332A0CB81E6E720DB15E85436AB7A0FB86754F604135D68E877ADDF7EE548CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 35%
                                                			E00007FF67FF600A96A10(void* __edx, void* __edi, void* __esi, void* __esp, void* __rax, long long __rcx, long long __r8, long long __r9, signed int _a4, long long _a8, long long* _a12, signed int _a16, char* _a20, long long _a24, void* _a28, long long _a32) {
                                                				signed int _v4;
                                                				void* _v40;
                                                				long long _v48;
                                                				void* _v64;
                                                				void* _v68;
                                                				void* _v84;
                                                				void* _v124;
                                                				char _v132;
                                                				void* _v140;
                                                				void* _v148;
                                                				void* _v420;
                                                				void* _v436;
                                                				char _v444;
                                                				void* _v484;
                                                				void* _v672;
                                                				void* _v888;
                                                				void* _v1088;
                                                				void* _v1128;
                                                				void* _v1144;
                                                				void* _v1160;
                                                				void* _v1360;
                                                				void* _v1576;
                                                				char _v1588;
                                                				void* _v1592;
                                                				void* _v1792;
                                                				void* _v1832;
                                                				void* _v1848;
                                                				void* _v1864;
                                                				void* _v1872;
                                                				void* _v1880;
                                                				void* _v2088;
                                                				void* _v2108;
                                                				void* _v2128;
                                                				long long _v2136;
                                                				void* _v2152;
                                                				void* _v2352;
                                                				void* _v2568;
                                                				void* _v2584;
                                                				void* _v2588;
                                                				void* _v2592;
                                                				long long _v2600;
                                                				void* _v2612;
                                                				void* _v2628;
                                                				void* _t269;
                                                				signed char _t282;
                                                				void* _t291;
                                                				void* _t292;
                                                				signed char _t309;
                                                				void* _t311;
                                                				signed char _t312;
                                                				void* _t313;
                                                				signed long long _t376;
                                                				long long _t377;
                                                				intOrPtr* _t394;
                                                				signed int _t396;
                                                				long long _t439;
                                                				long long _t444;
                                                				signed int* _t450;
                                                				signed int* _t452;
                                                				WCHAR* _t457;
                                                				intOrPtr _t462;
                                                				long long _t468;
                                                				intOrPtr* _t474;
                                                				intOrPtr _t478;
                                                				signed int _t553;
                                                				void* _t575;
                                                				void* _t577;
                                                				void* _t579;
                                                				void* _t580;
                                                
                                                				_t313 = __edx;
                                                				_a32 = __r9;
                                                				_a24 = __r8;
                                                				_a16 = _t553;
                                                				_a8 = __rcx;
                                                				_t580 = _t579 - 0xa48;
                                                				_v2600 = 0;
                                                				_t376 = _a16 & 0x00000002;
                                                				if (_t376 != 0) goto 0xa97044;
                                                				 *((long long*)(_t376 - 0x7b)) =  *((long long*)(_t376 - 0x7b)) - 1;
                                                				 *(_t577 + _t575 + 0x48) =  *(_t577 + _t575 + 0x48) << 0x8b;
                                                				 *((intOrPtr*)(_t376 - 0x75)) =  *((intOrPtr*)(_t376 - 0x75)) + _t312;
                                                				if (( *_t376 & spl) < 0) goto 0xa96aab;
                                                				E00007FF67FF600A7FBB0(_t580 + 0x50, _t553, _t376);
                                                				_t377 =  *((intOrPtr*)(_t580 + 0x128));
                                                				_v2600 = _t377;
                                                				E00007FF67FF600A80000(_t580 + 0x50);
                                                				 *((long long*)(_t580 + 0x3c)) = _t377;
                                                				E00007FF67FF600A7FFA0(_t580 + 0x50);
                                                				goto 0xa96bb9;
                                                				 *((long long*)(_t580 + 0x1f0)) =  *((intOrPtr*)( *((intOrPtr*)(_t580 + 0xa60)) + 0x78));
                                                				if (0 == 1) goto 0xa96b6e;
                                                				E00007FF67FF600A90770(_t580 + 0x200,  *((intOrPtr*)(_t580 + 0x1f0)), _t575);
                                                				 *((long long*)(_t580 + 0x1f0)) =  *((intOrPtr*)(_t580 + 0x230));
                                                				if (_v2136 == 0) goto 0xa96b4d;
                                                				if ( *((intOrPtr*)(_t580 + 0x1f0)) -  *((intOrPtr*)( *((intOrPtr*)(_t580 + 0xa60)) + 0x78)) - 6 >= 0) goto 0xa96b4d;
                                                				if (( *(_t580 + 0x21c) & 0x0000ffff) == 0xc2) goto 0xa96b4d;
                                                				if (( *(_t580 + 0x21c) & 0x0000ffff) == 0xc3) goto 0xa96b4d;
                                                				if (( *(_t580 + 0x21c) & 0x0000ffff) == 0xca) goto 0xa96b4d;
                                                				if (( *(_t580 + 0x21c) & 0x0000ffff) == 0xcb) goto 0xa96b4d;
                                                				if (( *(_t580 + 0x21c) & 0x0000ffff) != 0xcf) goto 0xa96b5c;
                                                				E00007FF67FF600A90A60(_t580 + 0x200);
                                                				goto 0xa96b6e;
                                                				_t269 = E00007FF67FF600A90A60(_t580 + 0x200);
                                                				goto 0xa96aa8;
                                                				if ( *((intOrPtr*)(_t580 + 0x1f0)) -  *((intOrPtr*)( *((intOrPtr*)(_t580 + 0xa60)) + 0x78)) - 6 < 0) goto 0xa96b9b;
                                                				_v48 = 1;
                                                				goto 0xa96ba6;
                                                				_v48 = 0;
                                                				_v2600 = _v48;
                                                				_t394 = _v2600;
                                                				 *((long long*)(_t580 + 0x3c)) = _t394;
                                                				if (_v2600 == 0) goto 0xa96c04;
                                                				if ( *((long long*)(_t580 + 0x3c)) == 0) goto 0xa96c04;
                                                				 *((long long*)(_t394 - 0x7b)) =  *((long long*)(_t394 - 0x7b)) - 1;
                                                				asm("ror byte [edi], 0x85");
                                                				 *_t394 =  *_t394 + _t269;
                                                				_t396 = _v4;
                                                				E00007FF67FF600A97FA0( *((intOrPtr*)(_t396 + 0x68)),  *((intOrPtr*)(_v4 + 0x78)), _t580 + 0x40, 4, _t577);
                                                				if (_t396 == 0) goto 0xa97044;
                                                				_a4 = _a4 | 0x00000002;
                                                				if ( *((long long*)(_t580 + 0x38)) == 0) goto 0xa96c23;
                                                				if (_v2600 != 0) goto 0xa96c25;
                                                				goto 0xa96c33;
                                                				 *_a20 = 0x770004;
                                                				if ((_a4 & 0x00000200) == 0) goto 0xa97044;
                                                				 *(_t580 + 0x300) =  *((intOrPtr*)(_v4 + 0x78));
                                                				if (( *( *(_t580 + 0x300)) & 0x000000ff) != 0x48) goto 0xa96d0a;
                                                				if ((( *(_t580 + 0x300))[1] & 0x000000ff) != 0xc7) goto 0xa96d0a;
                                                				if ((( *(_t580 + 0x300))[2] & 0x000000ff) != 0xc0) goto 0xa96d0a;
                                                				if ((( *(_t580 + 0x300))[7] & 0x000000ff) != 0xff) goto 0xa96cbf;
                                                				if ((( *(_t580 + 0x300))[8] & 0x000000ff) == 0xe0) goto 0xa96ce3;
                                                				if ((( *(_t580 + 0x300))[7] & 0x000000ff) != 0x50) goto 0xa96d0a;
                                                				if ((( *(_t580 + 0x300))[8] & 0x000000ff) != 0xc3) goto 0xa96d0a;
                                                				 *((long long*)(_t580 + 0x310)) = 1;
                                                				 *((long long*)(_t580 + 0x308)) =  *((intOrPtr*)( *((intOrPtr*)(_v4 + 0x78)) + 3));
                                                				goto 0xa96de4;
                                                				if (( *( *(_t580 + 0x300)) & 0x000000ff) != 0x48) goto 0xa96da0;
                                                				if ((( *(_t580 + 0x300))[1] & 0x000000ff) != 0xb8) goto 0xa96da0;
                                                				if ((( *(_t580 + 0x300))[0xa] & 0x000000ff) != 0xff) goto 0xa96d57;
                                                				if ((( *(_t580 + 0x300))[0xb] & 0x000000ff) == 0xe0) goto 0xa96d7b;
                                                				if ((( *(_t580 + 0x300))[0xa] & 0x000000ff) != 0x50) goto 0xa96da0;
                                                				if ((( *(_t580 + 0x300))[0xb] & 0x000000ff) != 0xc3) goto 0xa96da0;
                                                				 *((long long*)(_t580 + 0x310)) = 1;
                                                				 *((long long*)(_t580 + 0x308)) =  *((intOrPtr*)( *((intOrPtr*)(_v4 + 0x78)) + 2));
                                                				goto 0xa96de4;
                                                				E00007FF67FF600A90770(_t580 + 0x320,  *((intOrPtr*)(_v4 + 0x78)));
                                                				 *((long long*)(_t580 + 0x310)) =  *((intOrPtr*)(_t580 + 0x330));
                                                				 *((long long*)(_t580 + 0x308)) =  *((intOrPtr*)(_t580 + 0x358));
                                                				E00007FF67FF600A90A60(_t580 + 0x320);
                                                				if ( *((long long*)(_t580 + 0x310)) == 0) goto 0xa97044;
                                                				if ( *((long long*)(_t580 + 0x308)) == 0) goto 0xa97044;
                                                				E00007FF67FF600A7FBB0( &_v1588,  *((intOrPtr*)(_t580 + 0x308)));
                                                				_t439 =  *((intOrPtr*)(_t580 + 0x508));
                                                				 *((long long*)(_t580 + 0x424)) = _t439;
                                                				E00007FF67FF600A80000( &_v1588);
                                                				 *((long long*)(_t580 + 0x420)) = _t439;
                                                				E00007FF67FF600A7FFA0( &_v1588);
                                                				 *((long long*)(_t580 + 0x5d0)) = 0;
                                                				goto 0xa96e63;
                                                				 *((long long*)(_t580 + 0x5d0)) =  *((intOrPtr*)(_t580 + 0x5d0)) + 1;
                                                				if ( *((long long*)(_t580 + 0x5d0)) - 0xa >= 0) goto 0xa96f33;
                                                				if ( *((long long*)(_t580 + 0x424)) == 0) goto 0xa96f2c;
                                                				if ( *((long long*)(_t580 + 0x420)) != 0) goto 0xa96f2c;
                                                				E00007FF67FF600A90770(_t580 + 0x5e0,  *((intOrPtr*)(_t580 + 0x308)));
                                                				 *((long long*)(_t580 + 0x310)) =  *((intOrPtr*)(_t580 + 0x5f0));
                                                				 *((long long*)(_t580 + 0x308)) =  *((intOrPtr*)(_t580 + 0x618));
                                                				E00007FF67FF600A90A60(_t580 + 0x5e0);
                                                				if ( *((long long*)(_t580 + 0x310)) == 0) goto 0xa96f28;
                                                				if ( *((long long*)(_t580 + 0x308)) == 0) goto 0xa96f28;
                                                				E00007FF67FF600A7FBB0(_t580 + 0x6e0,  *((intOrPtr*)(_t580 + 0x308)));
                                                				_t444 =  *((intOrPtr*)(_t580 + 0x7b8));
                                                				 *((long long*)(_t580 + 0x424)) = _t444;
                                                				E00007FF67FF600A80000(_t580 + 0x6e0);
                                                				 *((long long*)(_t580 + 0x420)) = _t444;
                                                				E00007FF67FF600A7FFA0(_t580 + 0x6e0);
                                                				goto 0xa96f2a;
                                                				goto 0xa96f33;
                                                				goto 0xa96f2e;
                                                				goto 0xa96f33;
                                                				goto 0xa96e52;
                                                				if ( *((long long*)(_t580 + 0x424)) == 0) goto 0xa97044;
                                                				if ( *((long long*)(_t580 + 0x420)) == 0) goto 0xa97044;
                                                				 *_a12 =  *((intOrPtr*)(_t580 + 0x308));
                                                				_a4 = _a4 & 0xfffffffd;
                                                				r8d = 0x8000;
                                                				VirtualFree(??, ??, ??);
                                                				r8d = 0x8000;
                                                				_t282 = VirtualFree(??, ??, ??);
                                                				_t450 = _a12;
                                                				 *((long long*)(_t450 - 0x75)) =  *((long long*)(_t450 - 0x75)) - 1;
                                                				 *_t450 = fs;
                                                				 *((intOrPtr*)(_t450 - 0x77)) =  *((intOrPtr*)(_t450 - 0x77)) + _t312;
                                                				asm("adc dword [eax+0x48000000], 0x6024848b");
                                                				 *((intOrPtr*)(_t450 - 0x75)) =  *((intOrPtr*)(_t450 - 0x75)) + _t312;
                                                				_t452 = _t450;
                                                				 *_t452 =  *_t452 + (_t282 |  *_t450 |  *_t450);
                                                				 *0xFED991E800005000 =  *((intOrPtr*)(0xfed991e800005000)) + dil;
                                                				E00007FF67FF600A84950(_t312, _t452,  *_t450);
                                                				 *(_v4 + 0x50) = _t452;
                                                				 *(_v4 + 0x58) =  &(( *(_v4 + 0x50))[0x800]);
                                                				_t457 =  *(_v4 + 0x50);
                                                				 *((intOrPtr*)(_t457 - 0x75)) =  *((intOrPtr*)(_t457 - 0x75)) + _t312;
                                                				_t457[1] = 0x1ffa;
                                                				if ((_v4 & 0x00000002) != 0) goto 0xa97057;
                                                				goto 0xa97434;
                                                				if ((_v4 & 0x00000010) != 0) goto 0xa97422;
                                                				_t462 =  *((intOrPtr*)(_t580 + 0xa60));
                                                				if ( *((long long*)(_t462 + 0x68)) == 0) goto 0xa97422;
                                                				r8d = 0x10;
                                                				E00007FF67FF600A7C440("\"&g\nfg{199U",  &_v444);
                                                				r8d = 0;
                                                				E00007FF67FF600A7F640(E00007FF67FF600A7E210(_t312, _t313, _t580 + 0x880, _t462, _t580 + 0x40), _t580 + 0x880);
                                                				GetModuleHandleW(_t457);
                                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t580 + 0xa60)) + 0x68)) != _t462) goto 0xa970da;
                                                				 *((long long*)(_t580 + 0xa34)) = 1;
                                                				goto 0xa970e5;
                                                				 *((long long*)(_t580 + 0xa34)) = 0;
                                                				 *( *((intOrPtr*)(_t580 + 0xa60)) + 0x74) = _t312;
                                                				 *((long long*)(_t580 + 0x8a8)) = 0;
                                                				if (( *( *((intOrPtr*)(_t580 + 0xa60)) + 0x74) & 0x000000ff) == 0) goto 0xa9713d;
                                                				if ((_v4 & 0x00000080) == 0) goto 0xa9713d;
                                                				_t468 =  *((intOrPtr*)(_t580 + 0xa60));
                                                				_t291 = E00007FF67FF600A885C0(_t468,  *((intOrPtr*)(_t468 + 0x68)));
                                                				 *((long long*)(_t580 + 0x8a8)) = _t468;
                                                				if (( *( *((intOrPtr*)(_t580 + 0xa60)) + 0x74) & 0x000000ff) == 0) goto 0xa9715c;
                                                				if ( *((long long*)(_t580 + 0x8a8)) == 0) goto 0xa973e4;
                                                				 *((long long*)(_t580 + 0x9d0)) =  *((intOrPtr*)( *((intOrPtr*)(_t580 + 0xa60)) + 0x90));
                                                				 *((long long*)( *((intOrPtr*)(_t580 + 0xa60)) + 0x90)) = 0;
                                                				_t474 =  *((intOrPtr*)(_t580 + 0xa60));
                                                				_t292 = E00007FF67FF600A9F870(_t291,  *((intOrPtr*)(_t580 + 0x9d0)),  *((intOrPtr*)(_t474 + 0x78)));
                                                				r8d = 0x20;
                                                				asm("ror byte [ecx], 1");
                                                				 *_t474 =  *_t474 + _t292;
                                                				VirtualProtect(??, ??, ??, ??);
                                                				 *0xb34f58 = 0x7ff600a7c360;
                                                				E00007FF67FF600A87240(0x7ff600a7c360, 0xb0d0d8, 0xb0d09c,  *((intOrPtr*)(_t580 + 0x9d0)), _t580 + 0x8c0);
                                                				asm("ror byte [eax], 0x0");
                                                				 *((long long*)(_t580 + 0x30)) = 0x7ff600a7c360;
                                                				if ( *((long long*)(_t580 + 0x30)) == 0) goto 0xa9727d;
                                                				 *((long long*)(_t580 + 0x20)) = 0;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				dil = 0;
                                                				asm("adc eax, 0x700e9");
                                                				_v140 = 0x7ff600a7c360;
                                                				if (_v140 == 0) goto 0xa97269;
                                                				 *_v140 =  *((intOrPtr*)( *((intOrPtr*)(_t580 + 0xa60)) + 0x78));
                                                				UnmapViewOfFile(??);
                                                				goto 0xa9727d;
                                                				CloseHandle(??);
                                                				 *((long long*)(_t580 + 0x30)) = 0;
                                                				if ( *((long long*)(_t580 + 0x30)) == 0) goto 0xa97374;
                                                				_t478 =  *((intOrPtr*)(_t580 + 0xa60));
                                                				E00007FF67FF600A88920(_t313,  *((intOrPtr*)(_t478 + 0x68)),  *((intOrPtr*)( *((intOrPtr*)(_t580 + 0xa60)) + 0x78)),  *((intOrPtr*)(_t580 + 0x9d0)),  *((intOrPtr*)(_t580 + 0x8a8)));
                                                				if (_t478 == 0) goto 0xa97374;
                                                				 *((char*)( *((intOrPtr*)(_t580 + 0xa60)) + 0x75)) = 1;
                                                				if (( *( *((intOrPtr*)(_t580 + 0xa60)) + 0x74) & 0x000000ff) == 0) goto 0xa9732b;
                                                				r8d = 0x10;
                                                				E00007FF67FF600A7C440("\"&g\nfg{199U", _t580 + 0xa10);
                                                				r8d = 0;
                                                				E00007FF67FF600A7F640(E00007FF67FF600A7E210(_t312, _t313,  &_v132,  *( *((intOrPtr*)(_t580 + 0xa60)) + 0x74) & 0x000000ff,  *((intOrPtr*)(_t580 + 0x9d0))),  &_v132);
                                                				LoadLibraryW(??);
                                                				E00007FF67FF600A7E460( &_v132);
                                                				E00007FF67FF600A88DE0( *((intOrPtr*)( *((intOrPtr*)(_t580 + 0xa60)) + 0x78)),  *((intOrPtr*)(_t580 + 0x9d0)));
                                                				goto 0xa97346;
                                                				 *_a4 =  *((intOrPtr*)(_t580 + 0x9d0));
                                                				 *_a20 = 1;
                                                				 *_a12 = 0;
                                                				goto 0xa973e2;
                                                				if ( *((long long*)(_t580 + 0x30)) == 0) goto 0xa97390;
                                                				CloseHandle(??);
                                                				 *((long long*)(_t580 + 0x30)) = 0;
                                                				r8d = 0x8000;
                                                				VirtualFree(??, ??, ??);
                                                				if ( *_a12 != 0) goto 0xa973c1;
                                                				 *_a12 = 0x770002;
                                                				 *((long long*)(_t580 + 0xa20)) = 0;
                                                				E00007FF67FF600A7E460(_t580 + 0x880);
                                                				goto 0xa97439;
                                                				goto 0xa97413;
                                                				 *_a12 = 0x770002;
                                                				 *((long long*)(_t580 + 0xa24)) = 0;
                                                				E00007FF67FF600A7E460(_t580 + 0x880);
                                                				goto 0xa97439;
                                                				_t309 = E00007FF67FF600A7E460(_t580 + 0x880);
                                                				goto 0xa97434;
                                                				 *_a12 = 0x770002;
                                                				goto 0xa97439;
                                                				_t457[0x2f] = _t457[0x2f] + _t311;
                                                				return _t309 |  *0x1;
                                                			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Virtual$FreeHandle$CloseFileView$LibraryLoadModuleProtectUnmap
                                                • String ID: "&gfg{199U
                                                • API String ID: 2445965988-1540094513
                                                • Opcode ID: 084010cdcc4275d3bc0de5df5da142a1bc8806fcd608ebec95081a5ccf7a52d6
                                                • Instruction ID: 7da976e5c7f9313214c7c8eb05c56006f10c7242e0b7c0ebc55e593c9f0b4b64
                                                • Opcode Fuzzy Hash: 084010cdcc4275d3bc0de5df5da142a1bc8806fcd608ebec95081a5ccf7a52d6
                                                • Instruction Fuzzy Hash: 0C42F52271CBC595EB709B15E4947AEB7A0FB85B80F644032DA8D83BAADF3DD540CB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: Handle$Close$FreeLocal$CriticalSection$CurrentEventObjectProcessSingleWait$DeleteDuplicateEnterLeaveTerminateThread
                                                • String ID:
                                                • API String ID: 797835652-0
                                                • Opcode ID: ba6996561172ff0a52ad96c7049039511a6abc1e4993c0948fe713ffbf5a0057
                                                • Instruction ID: 04cba09858745a3d7d6a888799212152ba1b08d5135ae9a7bb1f76b161e795ce
                                                • Opcode Fuzzy Hash: ba6996561172ff0a52ad96c7049039511a6abc1e4993c0948fe713ffbf5a0057
                                                • Instruction Fuzzy Hash: 5A517536A0CA8596DB60CB15E99436EB7B0FBC9B45F604036DA8E837A9DF7DD444CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: DesktopLocal$AllocCloseErrorFreeInformationLastObjectThreadUser$CurrentInputOpen
                                                • String ID:
                                                • API String ID: 1978121797-0
                                                • Opcode ID: b302c58580c16934b15d209402394d28379e8ab35345b6eb3cecc0f04bd73583
                                                • Instruction ID: 464dc0d8ada24d2358ce70d0eede93b4cf36cd22e8816e46d9c9d49594b81575
                                                • Opcode Fuzzy Hash: b302c58580c16934b15d209402394d28379e8ab35345b6eb3cecc0f04bd73583
                                                • Instruction Fuzzy Hash: 4B31E576A1CA8197E7509B55E85462AF760FBC6B51F204035EA8F83B6CDF7EE444CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Similarity
                                                • API ID: ProtectVirtual$Sleep
                                                • String ID: 2
                                                • API String ID: 150461686-450215437
                                                • Opcode ID: c38ab163e044a62b1c42ce02142f10ece5644e0f8124f2a20cba57864aa10943
                                                • Instruction ID: e8dcbc390324ecb0a90cc2aba4c0e1376c18d94925cee99dda03142ea6215a20
                                                • Opcode Fuzzy Hash: c38ab163e044a62b1c42ce02142f10ece5644e0f8124f2a20cba57864aa10943
                                                • Instruction Fuzzy Hash: 5ED1E976A0DBC195EB70CB15E4983AAA7A0FBC5740F604136DA8E87BA9DF7DD444CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: CurrentErrorLastProcess$HandleHeapKernelObjectSecurity$AllocCloseDuplicateThread
                                                • String ID:
                                                • API String ID: 2493794345-0
                                                • Opcode ID: 14c7a4974aeb5c23a477dd434294ad2e41b30fcb76a0dad9b2f6ffa1d08adecb
                                                • Instruction ID: 322f67a7843f94d10709afd6bdcfbefe9fed775a1eaf4a352a5a35760dd13aa6
                                                • Opcode Fuzzy Hash: 14c7a4974aeb5c23a477dd434294ad2e41b30fcb76a0dad9b2f6ffa1d08adecb
                                                • Instruction Fuzzy Hash: 4F31D97690CB8196E7609B55F44432AB7A0F7C6B94F604135EA8E83BACCF7DE548CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Similarity
                                                • API ID: AddressByteCharFreeLibraryMultiProcWide$FromListLoadMallocPathTask
                                                • String ID: SHGetKnownFolderPath$SHGetSpecialFolderPathA$shell32.dll
                                                • API String ID: 2053887120-2979111280
                                                • Opcode ID: 31cbbfeac81d02803513e3b2b7d32a6e75cb0e4a3d640461cb85e3c98549a0fc
                                                • Instruction ID: f8dea891864fd965e33864598b9bade6e69ede1cb31278820b5dae90ae616484
                                                • Opcode Fuzzy Hash: 31cbbfeac81d02803513e3b2b7d32a6e75cb0e4a3d640461cb85e3c98549a0fc
                                                • Instruction Fuzzy Hash: EA511C23B0CB42A1EB619F65E480579A361AF46BA4F744032D90E877ADCF7DF845C710
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 45%
                                                			E00007FF67FF600A849A0(void* __ecx, void* __edx, long long __rax, long long __rcx, void* __r8, long long _a8) {
                                                				void* _v24;
                                                				long long _v32;
                                                				signed long long _v56;
                                                				void* _v64;
                                                				signed long long _v72;
                                                				signed long long _v80;
                                                				signed long long _v88;
                                                				signed long long _v96;
                                                				signed long long _v104;
                                                				signed long long _v112;
                                                				signed long long _v120;
                                                				void* _v128;
                                                				signed long long _v136;
                                                				signed long long _v144;
                                                				signed long long _v152;
                                                				signed long long _v160;
                                                				signed long long _v168;
                                                				signed long long _v176;
                                                				signed long long _v184;
                                                				void* _v188;
                                                				long long _v224;
                                                				long long _v232;
                                                				void* _v240;
                                                				signed long long _v248;
                                                				signed int _v256;
                                                				signed int _v264;
                                                				signed int _v272;
                                                				signed int _v276;
                                                				signed int _v280;
                                                				signed long long _v288;
                                                				signed int _v296;
                                                				char _v304;
                                                				long long _v308;
                                                				char _v312;
                                                				void* _v320;
                                                				long long _v328;
                                                				intOrPtr _v336;
                                                				long long _v344;
                                                				long long _v352;
                                                				long long _v360;
                                                				intOrPtr _v368;
                                                				void* _v376;
                                                				signed int _t235;
                                                				void* _t239;
                                                				signed char _t240;
                                                				void* _t242;
                                                				void* _t248;
                                                				void* _t249;
                                                				void* _t250;
                                                				signed long long _t266;
                                                				signed long long _t267;
                                                				intOrPtr _t271;
                                                				void* _t278;
                                                				void* _t284;
                                                				signed char _t285;
                                                				signed long long _t289;
                                                				void* _t293;
                                                				intOrPtr* _t299;
                                                				intOrPtr* _t301;
                                                				intOrPtr* _t304;
                                                				intOrPtr* _t309;
                                                				void* _t319;
                                                				void* _t320;
                                                				void* _t321;
                                                				void* _t323;
                                                				void* _t324;
                                                
                                                				_t246 = __ecx;
                                                				_a8 = __rcx;
                                                				E00007FF67FF600A727D0(__ecx, __edx, __rax, __r8);
                                                				if (__rax != 0) goto 0xa852f7;
                                                				GetLastError();
                                                				_v328 = __rax;
                                                				if (_a8 == 0) goto 0xa852eb;
                                                				if ( *0xb35028 == 0) goto 0xa849f8;
                                                				_t235 = E00007FF67FF600A9E370(__ecx);
                                                				if (__rax - 0x32 > 0) goto 0xa849f8;
                                                				_v32 = 0;
                                                				goto 0xa84a03;
                                                				_v32 = 1;
                                                				_v296 = _t235;
                                                				_v288 = 0;
                                                				_t266 = _v296 & 0x000000ff;
                                                				if (_t266 != 0) goto 0xa84a64;
                                                				dil = dil + dil;
                                                				asm("adc eax, 0x82807");
                                                				_v288 = _t266;
                                                				r8d = 0x104;
                                                				GetModuleFileNameW(??, ??, ??);
                                                				if (_t266 != 0) goto 0xa84a5a;
                                                				_v296 = 1;
                                                				goto 0xa84a64;
                                                				E00007FF67FF600ACFCA4(_t266, _v288);
                                                				_t267 = _v296 & 0x000000ff;
                                                				if (_t267 == 0) goto 0xa84a79;
                                                				GetTickCount();
                                                				 *0xb35028 = _t267;
                                                				_v320 = 0;
                                                				_v312 = 0;
                                                				_v308 = 0;
                                                				_v304 = 0;
                                                				EnterCriticalSection(??);
                                                				_v276 = 0;
                                                				_v276 = _v276 + 1;
                                                				_t271 =  *0xb34fe0; // 0x1ef10f4a340
                                                				_v240 =  *((intOrPtr*)(_t271 + 8));
                                                				if (_v276 - _v240 >= 0) goto 0xa84c34;
                                                				_t299 =  *0xb34fe0; // 0x1ef10f4a340
                                                				_v232 = _v276 * 0x248 +  *_t299;
                                                				_t278 = _v232 + 0x10;
                                                				_t239 = E00007FF67FF600ACF440(_t246, __edx, _t278, 0xb099be);
                                                				if (_t278 == 0) goto 0xa84c2f;
                                                				_v272 = 0;
                                                				if ((_v296 & 0x000000ff) != 0) goto 0xa84bd0;
                                                				_t301 =  *0xb34fe0; // 0x1ef10f4a340
                                                				_v224 = _v276 * 0x248 +  *_t301;
                                                				_t284 = _v224 + 0x10;
                                                				_t240 = E00007FF67FF600ACF830(_t239, _t284);
                                                				_t285 = _t284 + _t284 + 2;
                                                				 *_t285 =  *_t285 | _t240;
                                                				_v272 = _t285;
                                                				_t304 =  *0xb34fe0; // 0x1ef10f4a340
                                                				E00007FF67FF600A7C8C0( *_t304 + 0x10 + _v276 * 0x248, _v272);
                                                				_t242 = E00007FF67FF600ACFCA4( *_t304 + 0x10 + _v276 * 0x248, _v272);
                                                				_t289 = _v296 & 0x000000ff;
                                                				if (_t289 != 0) goto 0xa84bf0;
                                                				E00007FF67FF600AA82B8(_t242, _t246, _t293, _v288, _v272, _t319, _t320, _t321, _t323, _t324);
                                                				if (_t289 == 0) goto 0xa84c16;
                                                				_t309 =  *0xb34fe0; // 0x1ef10f4a340
                                                				E00007FF67FF600A86370(_t248, _t249, _t250,  &_v320, _v276 * 0x248 +  *_t309);
                                                				if (_v272 == 0) goto 0xa84c2f;
                                                				LocalFree(??);
                                                				goto L1;
                                                				__rcx = 0xb34fb0;
                                                				LeaveCriticalSection(??);
                                                				if (_v288 == 0) goto 0xa84c54;
                                                				__rcx = _v288;
                                                				__eax = LocalFree(??);
                                                				_v280 = 0;
                                                				_v264 = 0;
                                                				_v264 = _v264 + 1;
                                                				_v264 = _v264 + 1;
                                                				__rax = _v312;
                                                				_v188 = _v312;
                                                				__rax = _v188;
                                                				if (_v264 - _v188 >= 0) goto 0xa852d0;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v184 = _v320 + _v264 * 0x248;
                                                				_v184 = _v184 + 0x10;
                                                				__rdx = 0xb099be;
                                                				__rcx = _v184 + 0x10;
                                                				__eax = E00007FF67FF600ACF440(__ecx, __edx, _v184 + 0x10, 0xb099be);
                                                				if (__rax == 0) goto 0xa852cb;
                                                				_v264 = _v264 * 0x248;
                                                				__rcx = _v320;
                                                				if ( *((long long*)(_v320 + 0x228 + _v264 * 0x248)) == 0) goto 0xa84e01;
                                                				_v264 = _v264 * 0x248;
                                                				__rcx = _v320;
                                                				__rcx = _v320 + _v264 * 0x248;
                                                				__rax = __rcx;
                                                				_v176 = __rcx;
                                                				__rax = _v176;
                                                				__rax =  *((intOrPtr*)(_v176 + 0x228));
                                                				__rdx = 0x6;
                                                				__eax = E00007FF67FF600A754F0(__rax, __rcx, 0x6);
                                                				if (__rax != 0) goto 0xa84e01;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v168 = _v320 + _v264 * 0x248;
                                                				_v168 =  *(_v168 + 0x228);
                                                				__rax =  *((intOrPtr*)( *(_v168 + 0x228) + 0x30));
                                                				_v264 = _v264 * 0x248;
                                                				__rdx = _v320;
                                                				 *((intOrPtr*)(_v320 + 0x228 + _v264 * 0x248)) =  *((intOrPtr*)( *((intOrPtr*)(_v320 + 0x228 + _v264 * 0x248)) + 0x38));
                                                				if ( *((intOrPtr*)( *((intOrPtr*)( *(_v168 + 0x228) + 0x30)))) !=  *((intOrPtr*)( *((intOrPtr*)(_v320 + 0x228 + _v264 * 0x248)) + 0x38))) goto 0xa84e01;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v160 = _v320 + _v264 * 0x248;
                                                				_v160 =  *(_v160 + 0x228);
                                                				 *((intOrPtr*)( *(_v160 + 0x228) + 0x30)) =  *( *((intOrPtr*)( *(_v160 + 0x228) + 0x30)) + 4) & 0x0000ffff;
                                                				_v264 = _v264 * 0x248;
                                                				__rdx = _v320;
                                                				 *((intOrPtr*)(_v320 + 0x228 + _v264 * 0x248)) =  *( *((intOrPtr*)(_v320 + 0x228 + _v264 * 0x248)) + 0x3c) & 0x0000ffff;
                                                				if (( *( *((intOrPtr*)( *(_v160 + 0x228) + 0x30)) + 4) & 0x0000ffff) == ( *( *((intOrPtr*)(_v320 + 0x228 + _v264 * 0x248)) + 0x3c) & 0x0000ffff)) goto 0xa852cb;
                                                				__rax = _v280 & 0x000000ff;
                                                				if ((_v280 & 0x000000ff) != 0) goto 0xa84e1a;
                                                				_v280 = 1;
                                                				__eax = E00007FF67FF600A87C40();
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v152 = _v320 + _v264 * 0x248;
                                                				__rax = _v152;
                                                				__rax = _v152 + 0x10;
                                                				__rcx = __rax;
                                                				__eax = GetModuleHandleA(??);
                                                				_v248 = __rax;
                                                				_v264 = _v264 * 0x248;
                                                				__rcx = _v320;
                                                				if ( *((long long*)(_v320 + 0x218 + _v264 * 0x248)) == 0) goto 0xa84ec6;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v144 = _v320 + _v264 * 0x248;
                                                				__rax = _v144;
                                                				__rdx =  *((intOrPtr*)(__rax + 0x218));
                                                				__rcx = _v248;
                                                				__eax = E00007FF67FF600A7AF30(__edx, __rax, _v248);
                                                				__rcx = __rax;
                                                				__eax = E00007FF67FF600A88F70(__rax);
                                                				_v256 = __rax;
                                                				goto 0xa84f1c;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v136 = _v320 + _v264 * 0x248;
                                                				__rax = _v136;
                                                				__rax = _v136 + 0x114;
                                                				r8d = 1;
                                                				__rdx = __rax;
                                                				__rcx = _v248;
                                                				__eax = E00007FF67FF600A7AB10(__edx, __rax, _v248, __rax);
                                                				__rcx = __rax;
                                                				__eax = E00007FF67FF600A88F70(__rax);
                                                				_v256 = __rax;
                                                				_v264 = _v264 * 0x248;
                                                				__rcx = _v320;
                                                				if ( *((long long*)(_v320 + 0x228 + _v264 * 0x248)) != 0) goto 0xa84f46;
                                                				if (_v248 != 0) goto 0xa84f93;
                                                				_v264 = _v264 * 0x248;
                                                				__rcx = _v320;
                                                				if ( *((long long*)(_v320 + 0x228 + _v264 * 0x248)) == 0) goto 0xa85178;
                                                				_v264 = _v264 * 0x248;
                                                				__rcx = _v320;
                                                				__rdx = _v256;
                                                				if ( *((intOrPtr*)(__rcx + 0x220 + _v264 * 0x248)) == _v256) goto 0xa85178;
                                                				_v264 = _v264 * 0x248;
                                                				r8d = 1;
                                                				__rdx = 0x1;
                                                				_pop(__rax);
                                                				__eax = E00007FF67FF600A843F0(__edx, __rcx);
                                                				_v256 = _v256 * 0x248;
                                                				_v312 = _v312 + _v256 * 0x248;
                                                				__rax = _v312 + _v256 * 0x248;
                                                				_v120 = _v312 + _v256 * 0x248;
                                                				_v256 = _v256 * 0x248;
                                                				_v312 = _v312 + _v256 * 0x248;
                                                				__rax = _v312 + _v256 * 0x248;
                                                				_v112 = _v312 + _v256 * 0x248;
                                                				_v256 = _v256 * 0x248;
                                                				_v312 = _v312 + _v256 * 0x248;
                                                				__rax = _v312 + _v256 * 0x248;
                                                				_v104 = _v312 + _v256 * 0x248;
                                                				_v256 = _v256 * 0x248;
                                                				_v312 = _v312 + _v256 * 0x248;
                                                				__rax = _v312 + _v256 * 0x248;
                                                				_v96 = _v312 + _v256 * 0x248;
                                                				_v256 = _v256 * 0x248;
                                                				_v312 = _v312 + _v256 * 0x248;
                                                				__rax = _v312 + _v256 * 0x248;
                                                				_v88 = _v312 + _v256 * 0x248;
                                                				_v256 = _v256 * 0x248;
                                                				_v312 = _v312 + _v256 * 0x248;
                                                				__rax = _v312 + _v256 * 0x248;
                                                				_v80 = _v312 + _v256 * 0x248;
                                                				_v256 = _v256 * 0x248;
                                                				_v312 = _v312 + _v256 * 0x248;
                                                				__rax = _v312 + _v256 * 0x248;
                                                				_v72 = _v312 + _v256 * 0x248;
                                                				_v80 = _v80 + 0x114;
                                                				_v72 = _v72 + 0x10;
                                                				_v256 = _v256 * 0x248;
                                                				 *(__rsp + 0x180) = _v256 * 0x248;
                                                				__r8 = _v120;
                                                				r8d =  *((intOrPtr*)(_v120 + 0x244));
                                                				_v328 = r8d;
                                                				__r8 = _v112;
                                                				r8d =  *((intOrPtr*)(_v112 + 0x240));
                                                				_v336 = r8d;
                                                				_v104 =  *(_v104 + 0x230);
                                                				_v344 =  *(_v104 + 0x230);
                                                				_v96 =  *(_v96 + 0x238);
                                                				_v352 =  *(_v96 + 0x238);
                                                				__r8 = _v248;
                                                				_v360 = _v248;
                                                				__r8 = _v88;
                                                				r8d =  *((intOrPtr*)(_v88 + 0x218));
                                                				_v368 = r8d;
                                                				__r9 = _v80 + 0x114;
                                                				__r8 = _v72 + 0x10;
                                                				__rdx = _v240;
                                                				__rax = _v312;
                                                				__rcx =  *(__rsp + 0x180);
                                                				__rcx =  *((intOrPtr*)(__rax +  *(__rsp + 0x180)));
                                                				__eax = E00007FF67FF600A83D70(__rax,  *((intOrPtr*)(__rax +  *(__rsp + 0x180))), _v240, _v72 + 0x10, _v80 + 0x114);
                                                				goto 0xa852cb;
                                                				__rax = _v256;
                                                				__rax = _v256 * 0x248;
                                                				__rcx = _v312;
                                                				if ( *((long long*)(_v312 + __rax + 0x228)) == 0) goto 0xa852cb;
                                                				__rcx = 0x9;
                                                				 *((long long*)(__rax - 0x7b)) =  *((long long*)(__rax - 0x7b)) - 1;
                                                				asm("ror byte [edi], 0x85");
                                                				asm("cld");
                                                				 *__rax =  *__rax + __al;
                                                				 *((intOrPtr*)(__rax + 0x63)) =  *((intOrPtr*)(__rax + 0x63)) + __cl;
                                                				 *__rax =  *__rax + __al;
                                                				 *((intOrPtr*)(__rax + 0x69)) =  *((intOrPtr*)(__rax + 0x69)) + __cl;
                                                				asm("ror byte [eax+0x2], 0x0");
                                                				 *((intOrPtr*)(__rax - 0x75)) =  *((intOrPtr*)(__rax - 0x75)) + __cl;
                                                				__al = __al & 0x00000058;
                                                				__rcx = 0x9 + __rax;
                                                				__rax = 0x9;
                                                				_v64 = 0x9;
                                                				__rax = _v64;
                                                				__rax =  *((intOrPtr*)(_v64 + 0x228));
                                                				__rdx = 0x6;
                                                				__eax = E00007FF67FF600A754F0(__rax, __rcx, 0x6);
                                                				if (__rax != 0) goto 0xa852cb;
                                                				_v256 = _v256 * 0x248;
                                                				_v312 = _v312 + _v256 * 0x248;
                                                				__rax = _v312 + _v256 * 0x248;
                                                				_v56 = _v312 + _v256 * 0x248;
                                                				_v56 =  *(_v56 + 0x228);
                                                				__rax =  *((intOrPtr*)( *(_v56 + 0x228) + 0x30));
                                                				_v256 = _v256 * 0x248;
                                                				__rdx = _v312;
                                                				 *((intOrPtr*)(_v312 + 0x228 + _v256 * 0x248)) =  *((intOrPtr*)( *((intOrPtr*)(_v312 + 0x228 + _v256 * 0x248)) + 0x3e));
                                                				if ( *((intOrPtr*)( *((intOrPtr*)( *(_v56 + 0x228) + 0x30)))) !=  *((intOrPtr*)( *((intOrPtr*)(_v312 + 0x228 + _v256 * 0x248)) + 0x3e))) goto 0xa852cb;
                                                				_v256 = _v256 * 0x248;
                                                				_v312 = _v312 + _v256 * 0x248;
                                                				__rax = _v312 + _v256 * 0x248;
                                                				 *(__rsp + 0x160) = _v312 + _v256 * 0x248;
                                                				 *(__rsp + 0x160) =  *( *(__rsp + 0x160) + 0x228);
                                                				 *((intOrPtr*)( *( *(__rsp + 0x160) + 0x228) + 0x30)) =  *( *((intOrPtr*)( *( *(__rsp + 0x160) + 0x228) + 0x30)) + 4) & 0x0000ffff;
                                                				_v256 = _v256 * 0x248;
                                                				__rdx = _v312;
                                                				 *((intOrPtr*)(_v312 + 0x228 + _v256 * 0x248)) =  *( *((intOrPtr*)(_v312 + 0x228 + _v256 * 0x248)) + 0x42) & 0x0000ffff;
                                                				if (( *( *((intOrPtr*)( *( *(__rsp + 0x160) + 0x228) + 0x30)) + 4) & 0x0000ffff) != ( *( *((intOrPtr*)(_v312 + 0x228 + _v256 * 0x248)) + 0x42) & 0x0000ffff)) goto 0xa852cb;
                                                				__rax = _v256;
                                                				__rax = _v256 * 0x248;
                                                				__rcx = _v312;
                                                				__rcx =  *((intOrPtr*)(_v312 + __rax + 0x230));
                                                				__eax = E00007FF67FF600A83B00(__rax,  *((intOrPtr*)(_v312 + __rax + 0x230)));
                                                				goto L2;
                                                				__rax = _v272 & 0x000000ff;
                                                				if ((_v272 & 0x000000ff) == 0) goto 0xa852e1;
                                                				__eax = E00007FF67FF600A87C60();
                                                				__rcx =  &_v312;
                                                				__eax = E00007FF67FF600A865B0( &_v312);
                                                				__rcx = _v320;
                                                				SetLastError(??);
                                                				goto 0xa852f7;
                                                				return __eax;
                                                			}

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Local$AllocCountErrorLastTick$CriticalCurrentEnterFileFreeModuleNameProcessSection
                                                • String ID:
                                                • API String ID: 1060730505-0
                                                • Opcode ID: bee0547ae477b349c0c23e1389f9f64a399d9a0a10bf805c2eabf4dcc3b92129
                                                • Instruction ID: 7252922f54168560ef9a861eea8fb071940af2a999a0328bddc9ef2acda3dfc2
                                                • Opcode Fuzzy Hash: bee0547ae477b349c0c23e1389f9f64a399d9a0a10bf805c2eabf4dcc3b92129
                                                • Instruction Fuzzy Hash: 28322D3260DBC195EBA4CB55E4953BEA7A0FBC9B84F504036DA8D877AADF7CD0508B00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: CloseHandle$CacheContextCurrentFileFlushInstructionMutexProcessProtectReleaseThreadUnmapViewVirtual
                                                • String ID:
                                                • API String ID: 720865997-0
                                                • Opcode ID: e93c07b3313aa8c34091c4aa5aa9469947b26889c9e106f8d626bc8297830cba
                                                • Instruction ID: 2df340cc13358108c2c80fc808040ce57ca4e3b4ebd20369ae3e5280331d0024
                                                • Opcode Fuzzy Hash: e93c07b3313aa8c34091c4aa5aa9469947b26889c9e106f8d626bc8297830cba
                                                • Instruction Fuzzy Hash: D0A1B83660CBC5D5EB709B19E0983AAB7A0F785B44F50413ACA8D87BA9DF3ED445CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: CurrentProcess$Handle$Duplicate$Close
                                                • String ID:
                                                • API String ID: 2460367780-0
                                                • Opcode ID: 9f6d3992a0016340412eb0c1a2979604ad45c7d61c160ede4df5ff98bee21c35
                                                • Instruction ID: 42a9dc7552d212001127143338366f41f88b34930d3c7541952d46357941a1e1
                                                • Opcode Fuzzy Hash: 9f6d3992a0016340412eb0c1a2979604ad45c7d61c160ede4df5ff98bee21c35
                                                • Instruction Fuzzy Hash: F051C83290CA81D6E7609F65E8443AAB7B0FBC5794F604135E68E82BADDF7DD444CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: Service$ErrorLast$Open$CloseHandleManager$QueryStartStatus
                                                • String ID:
                                                • API String ID: 2116210095-0
                                                • Opcode ID: a50e8226779ef91989411fbe9fd4d2c81d9892322ef9375afe8a5266083979f9
                                                • Instruction ID: fd8eb6d748d1bd5931c3e9289850cd80d013baff6d3b7250382497816d412598
                                                • Opcode Fuzzy Hash: a50e8226779ef91989411fbe9fd4d2c81d9892322ef9375afe8a5266083979f9
                                                • Instruction Fuzzy Hash: D031413292C69192E360DB21F84872AB761FB85785F204135E68F82BADDF3DE444CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Similarity
                                                • API ID: MemoryProcessRead$ErrorLast$DirectoryWindows
                                                • String ID: \??\$\SystemRoot\
                                                • API String ID: 3075816565-2587235755
                                                • Opcode ID: 07cb673153ef94fd232611e7033229692c5c876dac8cd3dbd9c801af0df1676b
                                                • Instruction ID: 6566bc5815c06a51bf840a5c0fdc576492f5395e53c800ce9a71d7e48ba54725
                                                • Opcode Fuzzy Hash: 07cb673153ef94fd232611e7033229692c5c876dac8cd3dbd9c801af0df1676b
                                                • Instruction Fuzzy Hash: 65B1C86661CBC196DB608B19E8847AEB7B0FB85B84F104135EA8D87BADDF7DD444CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Similarity
                                                • API ID: Initialize$AllocateDescriptorFreeSecurity$AddressDaclHandleModuleProc
                                                • String ID: 41#4%<fg{199U
                                                • API String ID: 174918539-644288483
                                                • Opcode ID: bf574b2b2f38f8eac3c8388624a48e8d472a27eb99ba5fa521db369a933ada40
                                                • Instruction ID: 01cdf1b1a5783a96092409d3ca28c5ce7c109a974ff2bf468770015814f6e94f
                                                • Opcode Fuzzy Hash: bf574b2b2f38f8eac3c8388624a48e8d472a27eb99ba5fa521db369a933ada40
                                                • Instruction Fuzzy Hash: 6F51F37260CBC196E7708F14E4587ABB7A1F785748F604139D68E86BA9DFBED048CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 28%
                                                			E00007FF67FF600A73230(long long __rax, long long __rcx, long long __rdx, void* __r8, long long __r9, long long _a8, long long _a16, signed int _a24, long long _a32, void* _a40, void* _a48) {
                                                				void* _v16;
                                                				void* _v24;
                                                				long long _v32;
                                                				void* _v40;
                                                				void* _v44;
                                                				void* _v48;
                                                				void* _v56;
                                                				void* _v64;
                                                				void* _v72;
                                                				void* _v80;
                                                				void* _v88;
                                                				void* _v96;
                                                				void* _v104;
                                                				void* _v112;
                                                				void* _v120;
                                                				void* _v128;
                                                				void* _v132;
                                                				void* _v136;
                                                				void* _v144;
                                                				void* _v152;
                                                				void* _v160;
                                                				void* _v168;
                                                				void* _v176;
                                                				void* _v184;
                                                				void* _v192;
                                                				void* _v200;
                                                				long long _v208;
                                                				void* _v216;
                                                				void* _v232;
                                                				void* _t257;
                                                				void* _t258;
                                                				void* _t259;
                                                				void* _t260;
                                                				void* _t263;
                                                				void* _t267;
                                                				long long _t283;
                                                				signed long long _t290;
                                                				long long _t293;
                                                				signed long long _t296;
                                                				long long _t460;
                                                
                                                				_t283 = __rax;
                                                				_a32 = __r9;
                                                				_a24 = r8d;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				_v32 = _t460;
                                                				_v208 = 0;
                                                				 *((intOrPtr*)(__rax - 0x77)) =  *((intOrPtr*)(__rax - 0x77)) + _t267;
                                                				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax)) + _t257;
                                                				 *((intOrPtr*)(__rax - 0x7d)) =  *((intOrPtr*)(__rax - 0x7d)) + _t267;
                                                				_t258 = E00007FF67FF600A7FBB0( *0x1F740000000098BC,  *0x1F74000000009934);
                                                				 *0x1F74000000009914 = _t283;
                                                				goto 0xa732a4;
                                                				 *((long long*)(0x1f74000000009914)) = 0;
                                                				 *0x1F74000000009854 =  *((intOrPtr*)(0x1f74000000009914));
                                                				if ( *((long long*)( *((intOrPtr*)(0x1f74000000009854)) + 0xd8)) != 0) goto 0xa732f0;
                                                				SetLastError(??);
                                                				 *((long long*)(0x1f740000000098d4)) = 0;
                                                				_t259 = E00007FF67FF600AA828C(_t258,  *0x1F7400000000990C, E00007FF67FF600A73999);
                                                				if ( *((long long*)( *((intOrPtr*)(0x1f74000000009854)) + 0x110)) != 0) goto 0xa7332f;
                                                				SetLastError(??);
                                                				 *((long long*)(0x1f740000000098dc)) = 0;
                                                				_t260 = E00007FF67FF600AA828C(_t259,  *((intOrPtr*)(0x1f7400000000990c)), E00007FF67FF600A739A3);
                                                				if ( *0x1F74000000009944 != 0) goto 0xa73380;
                                                				_t290 =  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x190));
                                                				 *0x1F740000000098FC = _t290;
                                                				if ( *0x1F740000000098FC == 0) goto 0xa73380;
                                                				 *_t290 =  *_t290 | _t290;
                                                				 *((long long*)(0x1f740000000098e4)) = 0;
                                                				E00007FF67FF600AA828C(_t260,  *((intOrPtr*)(0x1f7400000000990c)), E00007FF67FF600A739AD);
                                                				if ( *0x1F7400000000993C != 0) goto 0xa73399;
                                                				GetCurrentProcess();
                                                				 *0x1F7400000000993C = _t290;
                                                				_t293 =  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x114)) +  *0x1F7400000000995C;
                                                				r8d = 0;
                                                				_t263 = E00007FF67FF600A71000(_t267, _t293,  *0x1F7400000000993C, __r8);
                                                				 *0x1F7400000000987C = _t293;
                                                				if ( *((long long*)(0x1f7400000000987c)) != 0) goto 0xa733ea;
                                                				 *((long long*)(0x1f740000000098ec)) = 0;
                                                				E00007FF67FF600AA828C(_t263,  *((intOrPtr*)(0x1f7400000000990c)), E00007FF67FF600A739B7);
                                                				_t296 =  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x114)) +  *((intOrPtr*)(0x1f7400000000995c));
                                                				 *_t296 =  *_t296 | _t296;
                                                				 *0x1F74000000009884 = _t296;
                                                				if ( *0x1F74000000009884 != 0) goto 0xa73439;
                                                				 *((long long*)(0x1f740000000098f4)) = 0;
                                                				E00007FF67FF600AA828C(_t296,  *((intOrPtr*)(0x1f7400000000990c)), E00007FF67FF600A739C1);
                                                				 *((long long*)(0x1f7400000000988c)) =  *0x1F74000000009884 +  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0xf0)) +  *((intOrPtr*)(0x1f7400000000995c)) + 8;
                                                				 *((long long*)(0x1f74000000009864)) =  *((intOrPtr*)(0x1f7400000000987c)) +  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0xf0)) +  *((intOrPtr*)(0x1f7400000000995c)) + 8;
                                                				 *((long long*)(0x1f7400000000989c)) =  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0xe8)) -  *0x1F74000000009884;
                                                				 *((long long*)(0x1f7400000000986c)) =  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0xe8)) -  *((intOrPtr*)(0x1f7400000000987c));
                                                				E00007FF67FF600AA7840();
                                                				 *0x1F740000000098A4 = 0;
                                                				 *0x1F740000000098A4 =  *0x1F740000000098A4 + 1;
                                                				 *((long long*)(0x1f74000000009900)) =  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x178));
                                                				if ( *0x1F740000000098A4 -  *((intOrPtr*)(0x1f74000000009900)) >= 0) goto 0xa7381e;
                                                				if ( *((long long*)( *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x170)) + 0x18 +  *0x1F740000000098A4 * 0x40)) == 0) goto 0xa73819;
                                                				if ( *((long long*)( *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x170)) + 0x28 +  *0x1F740000000098A4 * 0x40)) != 0) goto 0xa7358e;
                                                				if ( *((long long*)( *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x170)) + 0x30 +  *0x1F740000000098A4 * 0x40)) == 0) goto 0xa73819;
                                                				if ( *((long long*)( *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x170)) + 0x20 +  *0x1F740000000098A4 * 0x40)) == 0) goto 0xa736a8;
                                                				 *((long long*)(0x1f740000000098ac)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x170)) + 0x28 +  *0x1F740000000098A4 * 0x40));
                                                				 *0x1F740000000098A8 =  *((intOrPtr*)(0x1f74000000009864)) -  *((intOrPtr*)(0x1f740000000098ac)) + 4 -  *((intOrPtr*)(0x1f7400000000986c));
                                                				 *((short*)( *((intOrPtr*)(0x1f7400000000988c)))) = 0x25ff;
                                                				 *((long long*)(0x1f7400000000988c)) =  *((intOrPtr*)(0x1f7400000000988c)) + 2;
                                                				 *((long long*)(0x1f74000000009864)) =  *((intOrPtr*)(0x1f74000000009864)) + 2;
                                                				 *((long long*)( *((intOrPtr*)(0x1f7400000000988c)))) = 0;
                                                				 *((long long*)(0x1f7400000000988c)) =  *((intOrPtr*)(0x1f7400000000988c)) + 4;
                                                				 *((long long*)(0x1f74000000009864)) =  *((intOrPtr*)(0x1f74000000009864)) + 4;
                                                				 *((long long*)( *((intOrPtr*)(0x1f7400000000988c)))) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x170)) + 0x18 +  *0x1F740000000098A4 * 0x40));
                                                				 *((long long*)(0x1f7400000000988c)) =  *((intOrPtr*)(0x1f7400000000988c)) + 8;
                                                				 *((long long*)(0x1f74000000009864)) =  *((intOrPtr*)(0x1f74000000009864)) + 8;
                                                				 *((long long*)( *((intOrPtr*)(0x1f740000000098ac)) -  *((intOrPtr*)(0x1f7400000000989c)))) =  *((intOrPtr*)(0x1f740000000098a8));
                                                				goto 0xa73819;
                                                				if ( *((long long*)( *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x170)) + 0x30 +  *0x1F740000000098A4 * 0x40)) == 0) goto 0xa737c5;
                                                				 *((long long*)( *((intOrPtr*)(0x1f7400000000988c)))) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x170)) + 0x18 +  *0x1F740000000098A4 * 0x40));
                                                				if ( *((long long*)( *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x170)) + 0x38 +  *0x1F740000000098A4 * 0x40)) == 0) goto 0xa7377a;
                                                				 *((long long*)(0x1f740000000098b4)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x170)) + 0x30 +  *0x1F740000000098A4 * 0x40));
                                                				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x170)) + 0x30 +  *0x1F740000000098A4 * 0x40)) -  *((intOrPtr*)(0x1f7400000000989c)))) =  *((intOrPtr*)(0x1f74000000009864)) -  *((intOrPtr*)(0x1f740000000098b4)) + 4 -  *((intOrPtr*)(0x1f7400000000986c));
                                                				goto 0xa737a7;
                                                				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x170)) + 0x30 +  *0x1F740000000098A4 * 0x40)) -  *((intOrPtr*)(0x1f7400000000989c)))) =  *((intOrPtr*)(0x1f74000000009864));
                                                				 *((long long*)(0x1f7400000000988c)) =  *((intOrPtr*)(0x1f7400000000988c)) + 8;
                                                				 *((long long*)(0x1f74000000009864)) =  *((intOrPtr*)(0x1f74000000009864)) + 8;
                                                				goto 0xa73819;
                                                				 *((long long*)(0x1f74000000009904)) =  *0x1F740000000098A4 * 0x40 +  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x170));
                                                				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x170)) + 0x28 +  *0x1F740000000098A4 * 0x40)) -  *((intOrPtr*)(0x1f7400000000989c)))) =  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009904)) + 0x18));
                                                				goto L1;
                                                				 *((intOrPtr*)(0x1f74000000009854)) =  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x114));
                                                				__rax =  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x114)) +  *((intOrPtr*)(0x1f7400000000995c));
                                                				__eax = __rax;
                                                				__rcx = 0x1f74000000009894;
                                                				 *0x1F74000000009844 = 0x1f74000000009894;
                                                				__r9 = __rax;
                                                				__r8 =  *0x1F74000000009884;
                                                				__rdx =  *((intOrPtr*)(0x1f7400000000987c));
                                                				__rcx =  *0x1F7400000000993C;
                                                				__eax = WriteProcessMemory(??, ??, ??, ??, ??);
                                                				if (__rax == 0) goto 0xa738a3;
                                                				 *((intOrPtr*)(0x1f74000000009854)) =  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x114));
                                                				__rax =  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x114)) +  *((intOrPtr*)(0x1f7400000000995c));
                                                				if ( *((intOrPtr*)(0x1f74000000009894)) !=  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0x114)) +  *((intOrPtr*)(0x1f7400000000995c))) goto 0xa738a1;
                                                				__rax =  *((intOrPtr*)(0x1f74000000009854));
                                                				 *((intOrPtr*)(0x1f74000000009854)) =  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0xe8));
                                                				__rax =  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0xe0));
                                                				__rax =  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0xe0)) -  *((intOrPtr*)( *((intOrPtr*)(0x1f74000000009854)) + 0xe8));
                                                				 *((intOrPtr*)(0x1f7400000000987c)) =  *((intOrPtr*)(0x1f7400000000987c)) + __rax;
                                                				 *((long long*)(0x1f7400000000985c)) = __rax;
                                                				goto 0xa738a9;
                                                				__eax = GetLastError();
                                                				__rcx =  *0x1F74000000009884;
                                                				__eax = LocalFree(??);
                                                				__rax = 0x1f74000000009874;
                                                				 *((long long*)(0x1f74000000009844)) = 0x1f74000000009874;
                                                				r9d = 0x20;
                                                				__r8 =  *((intOrPtr*)(0x1f74000000009894));
                                                				__rdx =  *((intOrPtr*)(0x1f7400000000987c));
                                                				__rcx =  *0x1F7400000000993C;
                                                				__eax = VirtualProtectEx(??, ??, ??, ??, ??);
                                                				if (0x1f74000000009874 != 0) goto 0xa738e6;
                                                				__eax = GetLastError();
                                                				if ( *((long long*)(0x1f7400000000994c)) == 0) goto 0xa73901;
                                                				__rax =  *((intOrPtr*)(0x1f7400000000994c));
                                                				__rcx =  *((intOrPtr*)(0x1f7400000000987c));
                                                				 *((long long*)( *((intOrPtr*)(0x1f7400000000994c)))) =  *((intOrPtr*)(0x1f7400000000987c));
                                                				if ( *((long long*)(0x1f7400000000985c)) == 0) goto 0xa73926;
                                                				if ( *((long long*)(0x1f74000000009954)) == 0) goto 0xa73926;
                                                				__rax =  *((intOrPtr*)(0x1f74000000009954));
                                                				__rcx =  *((intOrPtr*)(0x1f74000000009854));
                                                				 *((long long*)( *((intOrPtr*)(0x1f74000000009954)))) =  *((intOrPtr*)(0x1f74000000009854));
                                                				goto 0xa73992;
                                                				__rax =  *((intOrPtr*)(0x1f74000000009854));
                                                				 *0x1F740000000098CC =  *((intOrPtr*)(0x1f74000000009854));
                                                				__rax =  *((intOrPtr*)(0x1f740000000098cc));
                                                				 *((long long*)(0x1f740000000098c4)) =  *((intOrPtr*)(0x1f740000000098cc));
                                                				if ( *((long long*)(0x1f740000000098c4)) == 0) goto 0xa73986;
                                                				__rcx =  *((intOrPtr*)(0x1f740000000098c4));
                                                				__eax = E00007FF67FF600A7FFA0(__rcx);
                                                				__rax = 0x1;
                                                				 *(__rbp + __rcx + 0x48) =  *(__rbp + __rcx + 0x48) << 0x8b;
                                                				 *0x1 = fs;
                                                				 *0x1 =  *0x1 + __al;
                                                				__al = __al + bpl;
                                                				r8d = r8d &  *__rbx;
                                                				 *0x8501E082FFFFFF8C =  *((intOrPtr*)(0x8501e082ffffff8c)) + __cl;
                                                				 *0x1 =  *0x1 + __al;
                                                				 *0x8501E082FFFFFF8A =  *((intOrPtr*)(0x8501e082ffffff8a)) + __cl;
                                                				 *0x1 =  *0x1 + __al;
                                                				__bl = __bl + bpl;
                                                				__al = __al | 0x00000048;
                                                				 *0x1F7400000000991C = 0;
                                                				__rax =  *((intOrPtr*)(0x1f7400000000985c));
                                                				__rax =  *((intOrPtr*)(0x1f740000000098d4));
                                                				__rax =  *((intOrPtr*)(0x1f740000000098dc));
                                                				__rax =  *((intOrPtr*)(0x1f740000000098e4));
                                                				__rax =  *((intOrPtr*)(0x1f740000000098ec));
                                                				__rax =  *((intOrPtr*)(0x1f740000000098f4));
                                                				return __eax;
                                                			}

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$LocalProcess$AllocCurrentFreeMemoryProtectVirtualWrite
                                                • String ID:
                                                • API String ID: 2079003842-0
                                                • Opcode ID: 6469138d49f4e629315e003c4e2f5004f0d104526c8cbc031b0e22bb9260147c
                                                • Instruction ID: fdd0c8f777350b3797ffecbccecc44236202a271078edab3f07a17362059a20a
                                                • Opcode Fuzzy Hash: 6469138d49f4e629315e003c4e2f5004f0d104526c8cbc031b0e22bb9260147c
                                                • Instruction Fuzzy Hash: AB12C737619B85C5DB60CB19E4903AAB7A0F7C8B84F215036EA8E87B69DF3CD545CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: 62a1227b88620cb6b344f4c1191382de6b5a11c61a11c46de2938a3e723b9947
                                                • Instruction ID: 63a75c037966d4f60bb4547b0ae9d8be28769dd2eed396ea48561dc2f746df38
                                                • Opcode Fuzzy Hash: 62a1227b88620cb6b344f4c1191382de6b5a11c61a11c46de2938a3e723b9947
                                                • Instruction Fuzzy Hash: 85F11A76609BC195EB718B05E4903AAB360FBDDB80F614136DA8E977A9DF3DE540CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Virtual$Protect$FileUnmapView$CacheCloseCurrentFlushFreeHandleInstructionProcess
                                                • String ID:
                                                • API String ID: 1884829510-0
                                                • Opcode ID: 63b49c7530fcb4dedb9c17681c221bc885f23ab510d39fbd361d53c5524208c4
                                                • Instruction ID: 8649f2154884a186f80693d473b51e30b55d5ff2f38189467cda7f1b8c722de0
                                                • Opcode Fuzzy Hash: 63b49c7530fcb4dedb9c17681c221bc885f23ab510d39fbd361d53c5524208c4
                                                • Instruction Fuzzy Hash: 04B1EA76A0DBC191EB70CB15E4983AAA7A0FBC5740F604136DA8E87BA9DF3DD544CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 16%
                                                			E00007FF67FF600A74A20(long long __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, long long _a40) {
                                                				char _v16;
                                                				long long _v24;
                                                				char _v32;
                                                				void* _v40;
                                                				char _v48;
                                                				char _v56;
                                                				long long _v64;
                                                				long long _v72;
                                                				long long _v80;
                                                				char _v88;
                                                				long long _v104;
                                                				long long _v112;
                                                				long long _v120;
                                                				void* _t81;
                                                				long long _t91;
                                                				char* _t98;
                                                				intOrPtr _t100;
                                                
                                                				_t132 = __r8;
                                                				_t91 = __rax;
                                                				_a32 = __r9;
                                                				_a24 = __r8;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				_v72 = 0;
                                                				_v112 = 0;
                                                				_v120 = 0;
                                                				r8d = 0;
                                                				E00007FF67FF600A73230(__rax, _a16, _a8, __r8,  &_v88);
                                                				_v80 = _t91;
                                                				if (_v80 == 0) goto 0xa74c70;
                                                				r8d = 0;
                                                				E00007FF67FF600A71000(_t81, _t91, _a8, _t132);
                                                				_v64 = _t91;
                                                				_v120 =  &_v56;
                                                				r9d = 4;
                                                				VirtualProtectEx(??, ??, ??, ??, ??);
                                                				if (_a40 == 0) goto 0xa74b0d;
                                                				_v120 =  &_v48;
                                                				WriteProcessMemory(??, ??, ??, ??, ??);
                                                				if (_a40 == 0) goto 0xa74c44;
                                                				if (_v64 == 0) goto 0xa74b21;
                                                				_v40 = _v64;
                                                				goto 0xa74b2e;
                                                				_v40 = _a32;
                                                				_v104 =  &_v32;
                                                				_v112 = 0;
                                                				_t98 = _v40;
                                                				_v120 = _t98;
                                                				r8d = 0;
                                                				E00007FF67FF600A749C0(_a8, 0, _v80);
                                                				_v24 = _t98;
                                                				if (_v24 == 0) goto 0xa74c3c;
                                                				 *_t98 =  *_t98;
                                                				dil = dil + dil;
                                                				asm("adc eax, 0x9263d");
                                                				if (_t98 != 0xffffffff) goto 0xa74b96;
                                                				GetLastError();
                                                				GetExitCodeThread(??, ??);
                                                				CloseHandle(??);
                                                				if (_a40 != 0) goto 0xa74bcf;
                                                				_v72 = 1;
                                                				goto 0xa74c3a;
                                                				_t100 = _a40;
                                                				E00007FF67FF600A75580(_t100, _a32, _t100);
                                                				if (_t100 != 0) goto 0xa74c32;
                                                				_t101 = _a40;
                                                				_v120 =  &_v16;
                                                				ReadProcessMemory(??, ??, ??, ??, ??);
                                                				if (_a40 == 0) goto 0xa74c2a;
                                                				_v72 = 1;
                                                				goto 0xa74c30;
                                                				GetLastError();
                                                				goto 0xa74c3a;
                                                				_v72 = 1;
                                                				goto 0xa74c42;
                                                				GetLastError();
                                                				goto 0xa74c4b;
                                                				GetLastError();
                                                				E00007FF67FF600A71330(_a40, _v64, _a8);
                                                				return E00007FF67FF600A71330(_t101, _v88, _a8);
                                                			}

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLastVirtual$AllocProcess$Query$CurrentMemory$CloseCodeExitHandleLocalObjectProtectReadSingleThreadWaitWrite
                                                • String ID:
                                                • API String ID: 620437659-0
                                                • Opcode ID: aca013211670bce8eb7d3e9336385dcf2ce6761695c3f07f4cfa6374358b4803
                                                • Instruction ID: 1838ce00c8d2ef5e97c6fa83677d4f681a8e0d4b0c2424e9d846c3ea8de7c810
                                                • Opcode Fuzzy Hash: aca013211670bce8eb7d3e9336385dcf2ce6761695c3f07f4cfa6374358b4803
                                                • Instruction Fuzzy Hash: 1F51F73260DA8196E7708B55F8447AAB3A4FB89794F608135EACD83BADCF7CD444CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Virtual$Alloc$CurrentProcessQuery
                                                • String ID: @
                                                • API String ID: 2973090906-2766056989
                                                • Opcode ID: 9643dc82478bbcc09d5f3aefce602b0b2fd0663e60a53a8c0f5078effce8021d
                                                • Instruction ID: 56167a843952538cfb9132fafdfddff6e3fd718ba765174ce9755c48d02e4046
                                                • Opcode Fuzzy Hash: 9643dc82478bbcc09d5f3aefce602b0b2fd0663e60a53a8c0f5078effce8021d
                                                • Instruction Fuzzy Hash: 45813F32A1CBC595E7608B19E84436AB7E0F785784F604135EACE86B9EDF7CD484CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 18%
                                                			E00007FF67FF600A86AE0(void* __ecx, void* __eflags, signed int* __rax, long long __rcx, void* __rdx, long long _a8) {
                                                				void* _v16;
                                                				void* _v24;
                                                				void* _v28;
                                                				signed long long _v32;
                                                				void* _v36;
                                                				long long _v40;
                                                				signed int _v48;
                                                				signed int _v56;
                                                				void* _v328;
                                                				long long _v336;
                                                				char _v344;
                                                				void* _v360;
                                                				void* _v368;
                                                				long long _v376;
                                                				int _t54;
                                                				void* _t67;
                                                				intOrPtr _t86;
                                                				signed int _t91;
                                                				long long _t95;
                                                				void* _t119;
                                                
                                                				_a8 = __rcx;
                                                				_v336 = 0;
                                                				_t54 = E00007FF67FF600A7C6A0(__ecx, _t67, __rax, 0xb099c8);
                                                				_v344 = __rax;
                                                				if (_v344 == 0) goto 0xa86d58;
                                                				r9d = 4;
                                                				r8d = 0x1000;
                                                				 *__rax =  *__rax | _t54;
                                                				_v56 = __rax;
                                                				_v48 = 0;
                                                				_v48 = _v48 + 1;
                                                				if (_v48 - 0x1000 >= 0) goto 0xa86d42;
                                                				_v40 = 0;
                                                				_v376 = 0;
                                                				r9d = 0x800;
                                                				_push(_t119);
                                                				if (_v48 << 2 < 0) goto 0xa86c21;
                                                				if ( *((long long*)( *((intOrPtr*)(_t119 + 0x160)) + 8)) == 0) goto 0xa86c21;
                                                				_t86 =  *((intOrPtr*)(_t119 + 0x160));
                                                				E00007FF67FF600ACE450(_t86,  *((intOrPtr*)(_t86 + 8)));
                                                				if (_t86 != 0) goto 0xa86c21;
                                                				 *((long long*)(_t119 + 0x20)) = 0;
                                                				r9d = 0x800;
                                                				_push(_t119);
                                                				if (_v56 << 2 < 0) goto 0xa86c21;
                                                				if ( *((long long*)( *((intOrPtr*)(_t119 + 0x160)) + 8)) == 0) goto 0xa86c21;
                                                				 *((long long*)(_t119 + 0x17c)) = 1;
                                                				goto 0xa86c2c;
                                                				 *((long long*)(_t119 + 0x17c)) = 0;
                                                				_v56 =  *((intOrPtr*)(_t119 + 0x17c));
                                                				_v56 = 0;
                                                				if (_v56 == 0) goto 0xa86d3d;
                                                				_t91 =  *((intOrPtr*)(_t119 + 0x160));
                                                				E00007FF67FF600A7C930( *((intOrPtr*)(_t91 + 8)),  &_v344);
                                                				lstrlenA(??);
                                                				_v48 = _t91;
                                                				lstrlenA(??);
                                                				 *(_t119 + 0x174) = _t91;
                                                				if (_v48 -  *(_t119 + 0x174) <= 0) goto 0xa86d3d;
                                                				_t95 = _t119 + _v48 -  *(_t119 + 0x174) + 0x50;
                                                				E00007FF67FF600ACF51C(_t95,  *((intOrPtr*)(_t119 + 0x1a0)));
                                                				if (_t95 != 0) goto 0xa86d3d;
                                                				GetCurrentProcess();
                                                				_v40 = _t95;
                                                				_v32 =  *(_t119 + 0x168) << 2;
                                                				GetCurrentProcess();
                                                				_v376 = 2;
                                                				 *((long long*)(_t119 + 0x28)) = 0;
                                                				 *((long long*)(_t119 + 0x20)) = 0;
                                                				_t54 = DuplicateHandle(??, ??, ??, ??, ??, ??, ??);
                                                				if (_t95 == 0) goto 0xa86d3d;
                                                				goto 0xa86d42;
                                                				goto L1;
                                                				r8d = 0x8000;
                                                				__rdx = 0;
                                                				__rcx =  *((intOrPtr*)(__rsp + 0x160));
                                                				__eax = VirtualFree(??, ??, ??);
                                                				__rax =  *((intOrPtr*)(__rsp + 0x48));
                                                				return __eax;
                                                			}


                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CurrentProcessVirtuallstrlen$AllocDuplicateFreeHandle
                                                • String ID: Section
                                                • API String ID: 3115487881-3805168499
                                                • Opcode ID: d4065ad8a0acd81522d11bd27884611b7d5ab0e569339cec33646e2e58657f5c
                                                • Instruction ID: afc9b456b5b401a9325353588998e7bdbdd5b61fba25be34d3389cfff98759b4
                                                • Opcode Fuzzy Hash: d4065ad8a0acd81522d11bd27884611b7d5ab0e569339cec33646e2e58657f5c
                                                • Instruction Fuzzy Hash: 3851D772A0CAC196E7709B15E4583EBA7A0FB89784F604139DA8E87B9DDF7DD444CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 44%
                                                			E00007FF67FF600A80020(void* __ecx, void* __edx, long long __rcx, long long __rdx, long long __r8, void* __r9, void* _a8, long long _a16, long long _a24, long long _a32, signed int _a40) {
                                                				long long _v24;
                                                				signed int _v28;
                                                				signed int _v32;
                                                				char _v72;
                                                				char _v344;
                                                				long long _v360;
                                                				long long _v376;
                                                				long long _v400;
                                                				void* _v408;
                                                				signed long long _v416;
                                                				char _v456;
                                                				signed long long _v472;
                                                				signed char _t88;
                                                				void* _t96;
                                                				void* _t98;
                                                				void* _t99;
                                                				void* _t100;
                                                				intOrPtr* _t117;
                                                				signed long long _t123;
                                                
                                                				_t187 = __r9;
                                                				_t97 = __edx;
                                                				_t96 = __ecx;
                                                				_a32 = r9d;
                                                				_a24 = __r8;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				E00007FF67FF600A7E730(_a8 + 0x130, L"<Invalid>");
                                                				if ( *((long long*)(_a8 + 0xd8)) == 0) goto 0xa80308;
                                                				E00007FF67FF600A7F460(E00007FF67FF600A7E080(E00007FF67FF600A7F410(_a8 + 0x130),  &_v456),  &_v456);
                                                				r8d = 0x30;
                                                				VirtualQuery(??, ??, ??);
                                                				if (_a8 != 0x30) goto 0xa80107;
                                                				if (_v376 != 0x1000) goto 0xa80107;
                                                				if (_v400 == 0) goto 0xa80107;
                                                				r9d = 0x104;
                                                				_t117 = _a8;
                                                				E00007FF67FF600A7B680(_t117, _v400,  *_t117,  &_v344);
                                                				if (_t117 == 0) goto 0xa80107;
                                                				E00007FF67FF600A7E8C0(_t96, __edx,  &_v456,  &_v344,  &_v344);
                                                				if ((E00007FF67FF600A7F300( &_v456) & 0x000000ff) == 0) goto 0xa80136;
                                                				E00007FF67FF600A7F490( &_v456, L"sub_%0X",  *_a8, __r9);
                                                				goto 0xa80176;
                                                				E00007FF67FF600A7F640(E00007FF67FF600A7E360( &_v72,  &_v456),  &_v72);
                                                				E00007FF67FF600A7F490( &_v456, L"public %s", _a8, _t187);
                                                				_t88 = E00007FF67FF600A7E460( &_v72);
                                                				_v28 =  *((intOrPtr*)(_a8 + 0x160));
                                                				_t123 = _v28 << 2;
                                                				 *_t123 =  *_t123 | _t88;
                                                				_v416 = _t123;
                                                				_v360 = 0xffffffff;
                                                				_v32 = 0;
                                                				goto 0xa801d3;
                                                				_v32 = _v32 + 1;
                                                				_v24 =  *((intOrPtr*)(_a8 + 0x160));
                                                				if (_v32 - _v24 >= 0) goto 0xa80255;
                                                				E00007FF67FF600A80340(_a8,  &_v360);
                                                				if (_v360 != 0xffffffff) goto 0xa80239;
                                                				E00007FF67FF600A7E730(_a8 + 0x130, L"Internal error while composing the disassembling string");
                                                				goto 0xa802f3;
                                                				 *((long long*)(_v416 + _v32 * 4)) = _v360;
                                                				goto 0xa801c2;
                                                				 *((long long*)(_a8 + 0xbc)) = 0;
                                                				 *((long long*)(_a8 + 0xc0)) = _a32;
                                                				 *((long long*)(_a8 + 0xc8)) = _a24;
                                                				if ( *((long long*)(_a8 + 0xc0)) <= 0) goto 0xa802cd;
                                                				_v472 = _a40 & 0x000000ff;
                                                				r9d = 1;
                                                				E00007FF67FF600A80690(_t97, _t98, _t99, _t100, _a8,  &_v456, _v416, _t187);
                                                				_v472 = _a40 & 0x000000ff;
                                                				r9d = 0;
                                                				E00007FF67FF600A80690(_t97, _t98, _t99, _t100, _a8,  &_v456, _v416, _t187);
                                                				LocalFree(??);
                                                				E00007FF67FF600A7E460( &_v456);
                                                				return E00007FF67FF600A7E360(_a16, _a8 + 0x130);
                                                			}


                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Local$AllocFreeQueryVirtual
                                                • String ID: <Invalid>$Internal error while composing the disassembling string$public %s$sub_%0X
                                                • API String ID: 2627483936-4009540495
                                                • Opcode ID: cd50f8e589eb31c6f4afa37403400d15381000ccfb926499124d7b0cc83d7bf0
                                                • Instruction ID: 1b6bb8b229c7f458d926c11c9a2b84fe1216c75140a78abeaebc2cc04e0a395d
                                                • Opcode Fuzzy Hash: cd50f8e589eb31c6f4afa37403400d15381000ccfb926499124d7b0cc83d7bf0
                                                • Instruction Fuzzy Hash: EA710872A18BC695EB70DB15E4847EAA760FB84784F504132EA9D87BAEDF7CD144CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 45%
                                                			E00007FF67FF600AEC918(void* __ecx, long long __rbx, void* __rdx, long long __rsi, intOrPtr* __r8, void* __r9) {
                                                				void* _t44;
                                                				signed long long _t67;
                                                				signed long long _t71;
                                                				intOrPtr _t74;
                                                				signed long long _t91;
                                                				struct HINSTANCE__* _t102;
                                                				signed long long _t103;
                                                				signed long long _t108;
                                                				long long _t110;
                                                				void* _t114;
                                                				signed long long _t118;
                                                				signed long long _t120;
                                                				signed long long _t123;
                                                				struct HINSTANCE__* _t124;
                                                				long _t127;
                                                				void* _t130;
                                                				WCHAR* _t135;
                                                
                                                				 *((long long*)(_t114 + 8)) = __rbx;
                                                				 *((long long*)(_t114 + 0x10)) = _t110;
                                                				 *((long long*)(_t114 + 0x18)) = __rsi;
                                                				r15d = __ecx;
                                                				_t120 =  *0xb2fde8; // 0xc4f55cf73642
                                                				_t103 = _t102 | 0xffffffff;
                                                				_t91 = _t120 ^  *(0x7ff600a70000 + 0xc6810 + _t135 * 8);
                                                				asm("dec eax");
                                                				if (_t91 == _t103) goto 0xaecacf;
                                                				if (_t91 == 0) goto 0xaec981;
                                                				_t67 = _t91;
                                                				goto 0xaecad1;
                                                				if (__r8 == __r9) goto 0xaeca63;
                                                				_t108 =  *((intOrPtr*)(__r8));
                                                				_t74 =  *((intOrPtr*)(0x7ff600a70000 + 0xc6770 + _t108 * 8));
                                                				if (_t74 == 0) goto 0xaec9a8;
                                                				if (_t74 == _t103) goto 0xaeca4f;
                                                				goto 0xaeca4a;
                                                				r8d = 0x800;
                                                				LoadLibraryExW(_t135, _t130, _t127);
                                                				if (_t67 != 0) goto 0xaeca18;
                                                				GetLastError();
                                                				if (_t67 != 0x57) goto 0xaeca16;
                                                				r8d = _t44;
                                                				E00007FF67FF600AE8BC0(__r8);
                                                				if (_t67 == 0) goto 0xaeca16;
                                                				r8d = _t44;
                                                				E00007FF67FF600AE8BC0(__r8);
                                                				if (_t67 == 0) goto 0xaeca16;
                                                				r8d = 0;
                                                				LoadLibraryExW(??, ??, ??);
                                                				goto 0xaeca18;
                                                				if (0 != 0) goto 0xaeca31;
                                                				 *((intOrPtr*)(0x7ff600a70000 + 0xc6770 + _t108 * 8)) = _t103;
                                                				goto 0xaeca4f;
                                                				_t20 = 0x7ff600a70000 + 0xc6770 + _t108 * 8;
                                                				_t71 =  *_t20;
                                                				 *_t20 = 0;
                                                				if (_t71 == 0) goto 0xaeca4a;
                                                				FreeLibrary(_t124);
                                                				if (0 != 0) goto 0xaecaa4;
                                                				if (__r8 + 4 != __r9) goto 0xaec98a;
                                                				if (0 == 0) goto 0xaecab4;
                                                				GetProcAddress(_t102);
                                                				if (_t71 == 0) goto 0xaecaad;
                                                				_t118 =  *0xb2fde8; // 0xc4f55cf73642
                                                				asm("loope 0x41");
                                                				asm("dec eax");
                                                				 *(0x7ff600a70000 + 0xc6810 + _t135 * 8) = _t71 ^ _t118;
                                                				goto 0xaecad1;
                                                				goto 0xaeca65;
                                                				_t123 =  *0xb2fde8; // 0xc4f55cf73642
                                                				asm("enter 0xd348, 0xcf");
                                                				 *(0x7ff600a70000 + 0xc6810 + _t135 * 8) = _t103 ^ _t123;
                                                				return r10d;
                                                 			}

                                                APIs
                                                • GetProcAddress.KERNEL32(?,?,00000006,00007FF600AED19A,?,?,?,00007FF600AEA4D6,?,?,?,00007FF600AE8D0D), ref: 00007FF600AECA70
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                 • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: AddressProc
                                                • String ID: api-ms-$ext-ms-
                                                • API String ID: 190572456-537541572
                                                • Opcode ID: 4beac683b613c28f46479a9c1b4e57897bc23d502085f6d7bc3fcd108909d3d4
                                                • Instruction ID: 8e08fcd5bb9e98bc61aa5d1bba4d087903cae4d420fbb7a9784ea5171726b38c
                                                • Opcode Fuzzy Hash: 4beac683b613c28f46479a9c1b4e57897bc23d502085f6d7bc3fcd108909d3d4
                                                • Instruction Fuzzy Hash: F341C163B1D686A1FA11DB1698046B56292BF46BE0F288535DD0ECB78EFF3DE4438340
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                 • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CurrentProcesslstrlen$DuplicateFreeHandleVirtual
                                                • String ID: Section
                                                • API String ID: 1334103914-3805168499
                                                • Opcode ID: d464c8f64401d4c6a8661782222f6c7fb8461e1b47df6676de4bee0c08360af3
                                                • Instruction ID: 9b979af7429614695499f3796a47b04e3fdb7c646485d198fbfb8d44fc6cb8e3
                                                • Opcode Fuzzy Hash: d464c8f64401d4c6a8661782222f6c7fb8461e1b47df6676de4bee0c08360af3
                                                • Instruction Fuzzy Hash: D151C772A0CAC196EB70DB15E4443EBA7A0FB89B84F604135DA8D87B99DF7DD444CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 31%
                                                			E00007FF67FF600AECBF0(long long __rbx, void* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                				signed long long _t46;
                                                				intOrPtr _t53;
                                                				signed long long _t54;
                                                				signed long long _t77;
                                                				signed long long _t82;
                                                				long _t86;
                                                				void* _t89;
                                                				WCHAR* _t92;
                                                
                                                				_t46 = _t82;
                                                				 *((long long*)(_t46 + 8)) = __rbx;
                                                				 *((long long*)(_t46 + 0x10)) = __rbp;
                                                				 *((long long*)(_t46 + 0x18)) = __rsi;
                                                				 *((long long*)(_t46 + 0x20)) = __rdi;
                                                				if (__rdx == __r8) goto 0xaeccf1;
                                                				_t77 =  *((intOrPtr*)(__rdx));
                                                				_t53 =  *((intOrPtr*)(0x7ff600a70000 + 0xc6770 + _t77 * 8));
                                                				if (_t53 == 0) goto 0xaecc44;
                                                				if (_t53 == 0xffffffff) goto 0xaecce4;
                                                				goto 0xaeccdf;
                                                				r8d = 0x800;
                                                				LoadLibraryExW(_t92, _t89, _t86);
                                                				_t54 = _t46;
                                                				if (_t46 != 0) goto 0xaeccb3;
                                                				GetLastError();
                                                				if (_t46 != 0x57) goto 0xaeccb1;
                                                				_t12 = _t54 + 7; // 0x7
                                                				r8d = _t12;
                                                				E00007FF67FF600AE8BC0(__r8);
                                                				if (_t46 == 0) goto 0xaeccb1;
                                                				_t13 = _t54 + 7; // 0x7
                                                				r8d = _t13;
                                                				E00007FF67FF600AE8BC0(__r8);
                                                				if (_t46 == 0) goto 0xaeccb1;
                                                				r8d = 0;
                                                				LoadLibraryExW(??, ??, ??);
                                                				goto 0xaeccb3;
                                                				if (0 != 0) goto 0xaeccc6;
                                                				 *((intOrPtr*)(0x7ff600a70000 + 0xc6770 + _t77 * 8)) = _t46 | 0xffffffff;
                                                				goto 0xaecce4;
                                                				_t18 = 0x7ff600a70000 + 0xc6770 + _t77 * 8;
                                                				 *_t18 = 0;
                                                				if ( *_t18 == 0) goto 0xaeccdf;
                                                				FreeLibrary(??);
                                                				if (0 != 0) goto 0xaeccfc;
                                                				if (__rdx + 4 != __r8) goto 0xaecc26;
                                                				if (0 != 0) goto 0xaeccfc;
                                                				goto 0xaecd08;
                                                				return GetProcAddress(??, ??);
                                                 			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                 • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: LibraryLoad$AddressErrorLastProc
                                                • String ID: api-ms-$ext-ms-
                                                • API String ID: 778228865-537541572
                                                • Opcode ID: 0803218ccca148635c975896638882d65d4c908342ef49f8dcabd9e51bfe734d
                                                • Instruction ID: 0e41416b6b73e59ddbc997da9a61a95db701f2456922af0ba8023c37bc8a8dc7
                                                • Opcode Fuzzy Hash: 0803218ccca148635c975896638882d65d4c908342ef49f8dcabd9e51bfe734d
                                                • Instruction Fuzzy Hash: 7C31D422F1DA82A5EA119B5698041796290BF85BF4F3C4631DE1E877DAFF3DE402C300
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                 • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ProcessProtectVirtual$HandleMemoryWrite$CloseCurrentDuplicateErrorFileLastSleepUnmapView
                                                • String ID: 2
                                                • API String ID: 2175802472-450215437
                                                • Opcode ID: 490ac623da02e4c15513d8fb1d0b6c2fc4f1dea937745ef43551734f58a78701
                                                • Instruction ID: 748e28d6152917d988b77e69033db11e75edd6c58895a480c050ff8c0374d227
                                                • Opcode Fuzzy Hash: 490ac623da02e4c15513d8fb1d0b6c2fc4f1dea937745ef43551734f58a78701
                                                • Instruction Fuzzy Hash: 6241A93660C685A5EB71CB45E4543AAB760F789784F608036DA8D83B5EDF7DD544CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 47%
                                                			E00007FF67FF600A74CE0(signed char __ecx, void* __edi, void* __esi, void* __esp, long long __rax, long long __rdx, long long __r8, signed char _a4, signed char _a8, intOrPtr _a12, long long _a16, long long _a24) {
                                                				void* _v4;
                                                				char _v136;
                                                				char _v148;
                                                				void* _v156;
                                                				long long _v164;
                                                				signed int _v168;
                                                				void* _v172;
                                                				long long _v176;
                                                				signed long long _v180;
                                                				signed int _v184;
                                                				void* _v188;
                                                				signed long long _v192;
                                                				long long _v200;
                                                				void* _v204;
                                                				char _v208;
                                                				char _v212;
                                                				long long _v216;
                                                				void* _v220;
                                                				signed char _t82;
                                                				signed char _t83;
                                                				void* _t90;
                                                				long long _t111;
                                                				signed long long _t114;
                                                				signed long long _t117;
                                                				long long _t130;
                                                				intOrPtr* _t131;
                                                				signed long long _t133;
                                                				signed long long _t138;
                                                				void* _t172;
                                                
                                                				_t111 = __rax;
                                                				_a24 = __r8;
                                                				_a16 = __rdx;
                                                				_a8 = __ecx;
                                                				_v208 = 0;
                                                				E00007FF67FF600A75730(_a16);
                                                				E00007FF67FF600A758C0(_a24);
                                                				E00007FF67FF600A7C6A0(__ecx, _t90, _t111, 0xb07fe0);
                                                				_v216 = _t111;
                                                				E00007FF67FF600A7C6A0(__ecx, _t90, _t111, 0xb07fd0);
                                                				_v200 = _t111;
                                                				if (_v216 == 0) goto 0xa74fa8;
                                                				if (_v200 == 0) goto 0xa74fa8;
                                                				_v184 = 0;
                                                				r8d = 0;
                                                				_v192 = 0;
                                                				_v180 = 0xffffffff;
                                                				if (_v184 != 0) goto 0xa74df4;
                                                				_v184 = 0x10000;
                                                				if (_v184 - 0x400000 >= 0) goto 0xa74df2;
                                                				_v184 = _v184 << 1;
                                                				if (_v192 == 0) goto 0xa74db6;
                                                				LocalFree(??);
                                                				_t114 = _v184;
                                                				 *_t114 =  *_t114 | _t114;
                                                				_v192 = _t114;
                                                				r9d = 0;
                                                				r8d = _v184;
                                                				_v180 = _t114;
                                                				if (_v180 != 0) goto 0xa74df0;
                                                				goto 0xa74df2;
                                                				goto 0xa74d8f;
                                                				goto 0xa74e2f;
                                                				_v184 = _v184 << 1;
                                                				_t117 = _v184;
                                                				 *_t117 =  *_t117 | _t117;
                                                				_v192 = _t117;
                                                				r9d = 0;
                                                				r8d = _v184;
                                                				_v180 = _t117;
                                                				if (_v180 != 0) goto 0xa74f92;
                                                				_v176 = _v192;
                                                				if (0 == 1) goto 0xa74f92;
                                                				GetCurrentProcessId();
                                                				if ( *((intOrPtr*)(_v176 + 0x50)) != 0) goto 0xa74f6a;
                                                				_v168 = 0;
                                                				goto 0xa74e7b;
                                                				_v168 = _v168 + 1;
                                                				if (_v168 -  *((intOrPtr*)(_v176 + 4)) >= 0) goto 0xa74f6a;
                                                				if ((GetVersion() & 0x000000ff) - 4 <= 0) goto 0xa74eb5;
                                                				_v164 =  *((intOrPtr*)(_v176 + 0x130 + _v168 * 0x50));
                                                				goto 0xa74ecd;
                                                				_t130 =  *((intOrPtr*)(_v176 + 0x100 + _v168 * 0x50));
                                                				_v164 = _t130;
                                                				_t82 = GetCurrentThreadId();
                                                				if (_v164 == _t130) goto 0xa74f65;
                                                				_t131 =  &_v136;
                                                				_t83 = _t82 & 0x00000058;
                                                				 *_t131 =  *_t131 + _t83;
                                                				 *_t131 =  *_t131 + _t83;
                                                				 *((long long*)(_t172 - 0xe8 + 0x60)) = _v164;
                                                				_t133 = _a8 & 0x000000ff;
                                                				if (_t133 == 0) goto 0xa74f30;
                                                				if (_t133 != 0) goto 0xa74f65;
                                                				E00007FF67FF600A75610(_a12,  &_v168);
                                                				if ((_a4 & 0x000000ff) == 0) goto 0xa74f60;
                                                				E00007FF67FF600A757A0( *((intOrPtr*)(_t172 - 0xe8 + 0x110)),  &_v148);
                                                				_v212 = 1;
                                                				goto 0xa74e70;
                                                				if ( *_v180 != 0) goto 0xa74f76;
                                                				goto 0xa74f92;
                                                				_t138 = _v180 +  *_v180;
                                                				_v180 = _t138;
                                                				goto 0xa74e44;
                                                				LocalFree(0x302454ff);
                                                				if (_t138 == 0) goto 0xa74fa8;
                                                				GetLastError();
                                                				return _v212;
                                                			}


                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Local$AllocCurrentFree$ErrorLastProcessThreadVersion
                                                • String ID:
                                                • API String ID: 3183500424-0
                                                • Opcode ID: 5a2dd84283333ea9b0742b6d27c4abd54a7fe6137644e527da80b162ef7b8190
                                                • Instruction ID: ee42404bf8fd1765459e9c7594244454511c47e2beffc3d25df20c9f91c80072
                                                • Opcode Fuzzy Hash: 5a2dd84283333ea9b0742b6d27c4abd54a7fe6137644e527da80b162ef7b8190
                                                • Instruction Fuzzy Hash: 7381D932A1CA8197E7609B15E85436AB7A0FBC9794F608135E78E83B9DDF7DD844CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: Virtual$Process$Memory$Write$AllocProtect$Query$CurrentRead
                                                • String ID:
                                                • API String ID: 2961373630-0
                                                • Opcode ID: a7a5094028c9d9d11b3f1e80a9f841eb310ea96cf783ac10b9ea1f29184865e0
                                                • Instruction ID: 8e0b012e42b577a7ada9a96a09623eb02b0f82439bcd2bdd0e55cba7653cc145
                                                • Opcode Fuzzy Hash: a7a5094028c9d9d11b3f1e80a9f841eb310ea96cf783ac10b9ea1f29184865e0
                                                • Instruction Fuzzy Hash: AF81C77661CA819AD760CF29E48476AB7A0FB89744F504135EA8EC7B99DF3DD504CF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: File$CloseCreateHandleLocal$AllocFreeMappingModuleNameView
                                                • String ID:
                                                • API String ID: 2797480782-0
                                                • Opcode ID: 23b20c1e7a5773189e3852ba58506879e7c81687cf71a9096db6ee8f36caf8ea
                                                • Instruction ID: 424020e79c13e07a4bd5422851002058fc34f91a68b7d31dcee50232eacdbf23
                                                • Opcode Fuzzy Hash: 23b20c1e7a5773189e3852ba58506879e7c81687cf71a9096db6ee8f36caf8ea
                                                • Instruction Fuzzy Hash: C3210C32A1CA8192E7608B15F95471AB7A0F7C57A4F204234EA8E87BACCF7ED4458B00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 28%
                                                			E00007FF67FF600A7D610(short __ecx, void* __edx, void* __eflags, long long __rcx, long long __rdx, void* __r8, void* _a8, long long _a16) {
                                                				void* _v32;
                                                				long long _v40;
                                                				signed int* _v48;
                                                				long long _v56;
                                                				signed int _v64;
                                                				signed int* _v72;
                                                				long long _v88;
                                                				signed char _t87;
                                                				void* _t93;
                                                				long long _t112;
                                                				signed int* _t115;
                                                				signed int* _t118;
                                                				long long _t119;
                                                
                                                				_t95 = __edx;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				 *_a8 = 0;
                                                				 *((long long*)(_a8 + 8)) = 0;
                                                				 *((long long*)(_a8 + 0xc)) = 0;
                                                				 *((char*)(_a8 + 0x10)) = 0;
                                                				_t112 = _a8;
                                                				 *((char*)(_t112 + 0x18)) = 0;
                                                				E00007FF67FF600A7C6A0(__ecx, __edx, _t112, 0xb09560);
                                                				_v56 = _t112;
                                                				_v64 = 0;
                                                				r8d = 0;
                                                				_v72 = 0;
                                                				if (_v64 != 0) goto 0xa7d701;
                                                				_v64 = 0x10000;
                                                				_v64 = _v64 << 1;
                                                				_t87 = LocalFree(??);
                                                				_t115 = _v64;
                                                				 *_t115 =  *_t115 | _t87;
                                                				_v72 = _t115;
                                                				r9d = 0;
                                                				r8d = _v64;
                                                				_v48 = _t115;
                                                				if (_v48 == 0) goto 0xa7d6ff;
                                                				if (_v64 != 0x400000) goto 0xa7d6a8;
                                                				goto 0xa7d73c;
                                                				_v64 = _v64 << 1;
                                                				_t118 = _v64;
                                                				 *_t118 =  *_t118 | _t87;
                                                				_v72 = _t118;
                                                				r9d = 0;
                                                				r8d = _v64;
                                                				_v48 = _t118;
                                                				if (_v48 != 0) goto 0xa7d893;
                                                				_t119 = _v72;
                                                				_v32 = _t119;
                                                				_v40 = 0;
                                                				if (_a16 == 0) goto 0xa7d779;
                                                				dil = dil + dil;
                                                				asm("adc eax, 0x89ac4");
                                                				_v40 = _t119;
                                                				if (0 == 1) goto 0xa7d880;
                                                				if ( *((long long*)(_v32 + 0x40)) == 0) goto 0xa7d825;
                                                				if (_v40 == 0) goto 0xa7d7ee;
                                                				r9d = 0;
                                                				r8d = 0x8000;
                                                				E00007FF67FF600A7C9A0(__ecx, _v40, __r8);
                                                				if (_v32 == 0) goto 0xa7d7ee;
                                                				_v88 = _v40;
                                                				r9d =  *((intOrPtr*)(_v32 + 0x64));
                                                				r8d =  *(_v32 + 0x58);
                                                				E00007FF67FF600A7D9C0(_t95, _v32, _a8,  *((intOrPtr*)(_v32 + 0x50)));
                                                				goto 0xa7d823;
                                                				_v88 =  *((intOrPtr*)(_v32 + 0x40));
                                                				r9d =  *((intOrPtr*)(_v32 + 0x64));
                                                				r8d =  *(_v32 + 0x58);
                                                				E00007FF67FF600A7D9C0(_t95, _v32, _a8,  *((intOrPtr*)(_v32 + 0x50)));
                                                				goto 0xa7d858;
                                                				_v88 = L"[System Process]";
                                                				r9d =  *((intOrPtr*)(_v32 + 0x64));
                                                				r8d =  *(_v32 + 0x58);
                                                				E00007FF67FF600A7D9C0(_t95, _v32, _a8,  *((intOrPtr*)(_v32 + 0x50)));
                                                				if ( *_v32 != 0) goto 0xa7d864;
                                                				goto 0xa7d880;
                                                				_v32 = _v32 +  *_v32;
                                                				goto 0xa7d779;
                                                				if (_v40 == 0) goto 0xa7d893;
                                                				LocalFree(??);
                                                				_t93 = LocalFree(??);
                                                				 *((char*)(_a8 + 0x18)) = 1;
                                                				 *((char*)(_a8 + 0x18)) = 0;
                                                				return _t93;
                                                			}


                                                APIs
                                                Strings
                                                Similarity
                                                • API ID: Local$AllocFree
                                                • String ID: [System Process]
                                                • API String ID: 2012307162-1083941768
                                                • Opcode ID: 939f2f4c0784e771f7df72125f45c15a69f092ef02a4cd9819aab921527b010d
                                                • Instruction ID: c0fdcde5ccca3d6b7abeda905bcead34330ff2a882c7dcecc21f5a6a64e3d143
                                                • Opcode Fuzzy Hash: 939f2f4c0784e771f7df72125f45c15a69f092ef02a4cd9819aab921527b010d
                                                • Instruction Fuzzy Hash: 5771A73661CB8196D7608B55E48475ABBA0FBC9B90F205035EB8E83BADCF7DD484CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Similarity
                                                • API ID: MemoryProcessRead$CloseHandle$OpenThread
                                                • String ID: $
                                                • API String ID: 472240123-3993045852
                                                • Opcode ID: 7a561752c269bd6d893ed5298389602a793fe27564169b03343edb2f4ea5ee71
                                                • Instruction ID: e5cab3d92723f5467eb80cc287c8cbb15d2e5882bbe445ac49ce33e325f08afa
                                                • Opcode Fuzzy Hash: 7a561752c269bd6d893ed5298389602a793fe27564169b03343edb2f4ea5ee71
                                                • Instruction Fuzzy Hash: B051A86360CA81A6E6608B25E85476AA3F0FB86784F604135E7CEC7B9DDF3DD546CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: ErrorLast$Virtual$AllocFreeQuery
                                                • String ID:
                                                • API String ID: 985890503-0
                                                • Opcode ID: 4a1675f91ad5cd99ca1fe39acddc9df5ea12fe598fe7316ec68700935a9da08a
                                                • Instruction ID: 01e6229d486da94b695739ec0c29fcb253c638e1737ffeafaad15bd51e5a972b
                                                • Opcode Fuzzy Hash: 4a1675f91ad5cd99ca1fe39acddc9df5ea12fe598fe7316ec68700935a9da08a
                                                • Instruction Fuzzy Hash: 9751E93291CB8196E760DB15E45436AB7A0FBC5794F204135EA8E83BAEDF7DE484CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 50%
                                                			E00007FF67FF600AB1F1C(void* __ecx, long long __rbx, void* __rdx, long long __rsi, intOrPtr* __r8, void* __r9) {
                                                				_Unknown_base(*)()* _t43;
                                                				intOrPtr _t59;
                                                				intOrPtr _t60;
                                                				intOrPtr _t64;
                                                				intOrPtr _t67;
                                                				intOrPtr _t68;
                                                				signed long long _t71;
                                                				struct HINSTANCE__* _t84;
                                                				signed long long _t85;
                                                				signed long long _t88;
                                                				long long _t90;
                                                				void* _t94;
                                                				struct HINSTANCE__* _t99;
                                                				long _t102;
                                                				void* _t105;
                                                				signed long long _t106;
                                                				WCHAR* _t109;
                                                
                                                				 *((long long*)(_t94 + 8)) = __rbx;
                                                				 *((long long*)(_t94 + 0x10)) = _t90;
                                                				 *((long long*)(_t94 + 0x18)) = __rsi;
                                                				_t85 = _t71;
                                                				_t106 = _t105 | 0xffffffff;
                                                				_t59 =  *((intOrPtr*)(0x7ff600a70000 + 0xc58d0 + _t85 * 8));
                                                				if (_t59 == _t106) goto 0xab204b;
                                                				if (_t59 != 0) goto 0xab204d;
                                                				if (__r8 == __r9) goto 0xab2043;
                                                				_t88 =  *((intOrPtr*)(__r8));
                                                				_t67 =  *((intOrPtr*)(0x7ff600a70000 + 0xc58b8 + _t88 * 8));
                                                				_t60 = _t59;
                                                				if (_t67 == 0) goto 0xab1f8e;
                                                				if (_t67 != _t106) goto 0xab2025;
                                                				goto 0xab1ff9;
                                                				r8d = 0x800;
                                                				LoadLibraryExW(_t109, _t105, _t102);
                                                				_t68 = _t60;
                                                				if (_t60 != 0) goto 0xab2005;
                                                				GetLastError();
                                                				if (_t60 != 0x57) goto 0xab1fe7;
                                                				_t16 = _t68 + 7; // 0x7
                                                				r8d = _t16;
                                                				E00007FF67FF600AE8BC0(__r8);
                                                				if (_t60 == 0) goto 0xab1fe7;
                                                				r8d = 0;
                                                				LoadLibraryExW(??, ??, ??);
                                                				if (_t60 != 0) goto 0xab2005;
                                                				 *((intOrPtr*)(0x7ff600a70000 + 0xc58b8 + _t88 * 8)) = _t106;
                                                				goto 0xab1f6c;
                                                				_t23 = 0x7ff600a70000 + 0xc58b8 + _t88 * 8;
                                                				_t64 =  *_t23;
                                                				 *_t23 = _t60;
                                                				if (_t64 == 0) goto 0xab2025;
                                                				FreeLibrary(_t99);
                                                				_t43 = GetProcAddress(_t84);
                                                				if (_t64 == 0) goto 0xab2043;
                                                				 *((intOrPtr*)(0x7ff600a70000 + 0xc58d0 + _t85 * 8)) = _t64;
                                                				goto 0xab204d;
                                                				 *((intOrPtr*)(0x7ff600a70000 + 0xc58d0 + _t85 * 8)) = _t106;
                                                				return _t43;
                                                			}

                                                APIs
                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF600AB241A,?,?,?,00007FF600AA90E8,?,?,?,?,00007FF600AA86E1), ref: 00007FF600AB1FA1
                                                • GetLastError.KERNEL32(?,?,?,00007FF600AB241A,?,?,?,00007FF600AA90E8,?,?,?,?,00007FF600AA86E1), ref: 00007FF600AB1FAF
                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF600AB241A,?,?,?,00007FF600AA90E8,?,?,?,?,00007FF600AA86E1), ref: 00007FF600AB1FD9
                                                • FreeLibrary.KERNEL32(?,?,?,00007FF600AB241A,?,?,?,00007FF600AA90E8,?,?,?,?,00007FF600AA86E1), ref: 00007FF600AB201F
                                                • GetProcAddress.KERNEL32(?,?,?,00007FF600AB241A,?,?,?,00007FF600AA90E8,?,?,?,?,00007FF600AA86E1), ref: 00007FF600AB202B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                • String ID: api-ms-
                                                • API String ID: 2559590344-2084034818
                                                • Opcode ID: e8763b27488018392c40c89bcc63b26d3eaeaa215b4269d5c4944178ab587a0b
                                                • Instruction ID: 5fc406d5eef0e9b5e25c28f112f8147b26c12bafe24b8249e5671cb8663d66f4
                                                • Opcode Fuzzy Hash: e8763b27488018392c40c89bcc63b26d3eaeaa215b4269d5c4944178ab587a0b
                                                • Instruction Fuzzy Hash: F831A622F1EA46A1EE11AB169800A7562E4FF49BA0FB94536DD1E8739BDF3CF445C300
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: MemoryProcessRead
                                                • String ID: H
                                                • API String ID: 1726664587-2852464175
                                                • Opcode ID: d04c3c017a1c5e196127fbe6e89a4e0e3ee941722fff904cbd8961fdfb5718ef
                                                • Instruction ID: 75d181597ebe34428e6094f07cd6e0948b89a6a89052f23f419438aed2e443f4
                                                • Opcode Fuzzy Hash: d04c3c017a1c5e196127fbe6e89a4e0e3ee941722fff904cbd8961fdfb5718ef
                                                • Instruction Fuzzy Hash: DE41CE72A0CB8191DA708B19F88476AB3A5FBC5784F604176EACD82B5DDF7CD545CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: LibraryLoad$ErrorLast
                                                • String ID: api-ms-$ext-ms-
                                                • API String ID: 3177248105-537541572
                                                • Opcode ID: e9a57756e9efbf8f01c6870ab96863d758675ea79037a57d5399c89cf5ee5f5c
                                                • Instruction ID: 45a985b8c7cfbeb644903103d0bfc29a229991322bada6d1046cdde8a6f8b5c1
                                                • Opcode Fuzzy Hash: e9a57756e9efbf8f01c6870ab96863d758675ea79037a57d5399c89cf5ee5f5c
                                                • Instruction Fuzzy Hash: 3F31B122F1DA82A4FE519B2699001796294AF55BB0F6C4631DE2EC67CFFF3DE4428200
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 46%
                                                			E00007FF67FF600AB2150(long long __rbx, void* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                				struct HINSTANCE__* _t25;
                                                				signed long long _t35;
                                                				signed long long _t36;
                                                				intOrPtr _t41;
                                                				signed long long _t42;
                                                				signed long long _t58;
                                                				signed long long _t63;
                                                				long _t67;
                                                				void* _t70;
                                                				WCHAR* _t73;
                                                
                                                				_t35 = _t63;
                                                				 *((long long*)(_t35 + 8)) = __rbx;
                                                				 *((long long*)(_t35 + 0x10)) = __rbp;
                                                				 *((long long*)(_t35 + 0x18)) = __rsi;
                                                				 *((long long*)(_t35 + 0x20)) = __rdi;
                                                				if (__rdx == __r8) goto 0xab2214;
                                                				_t58 =  *((intOrPtr*)(__rdx));
                                                				_t41 =  *((intOrPtr*)(0x7ff600a70000 + 0xc58b8 + _t58 * 8));
                                                				_t36 = _t35;
                                                				if (_t41 == 0) goto 0xab21a2;
                                                				if (_t41 != 0xffffffff) goto 0xab224e;
                                                				goto 0xab2207;
                                                				r8d = 0x800;
                                                				LoadLibraryExW(_t73, _t70, _t67);
                                                				_t42 = _t36;
                                                				if (_t36 != 0) goto 0xab2235;
                                                				GetLastError();
                                                				if (_t36 != 0x57) goto 0xab21fb;
                                                				_t13 = _t42 + 7; // 0x7
                                                				r8d = _t13;
                                                				E00007FF67FF600AE8BC0(__r8);
                                                				if (_t36 == 0) goto 0xab21fb;
                                                				r8d = 0;
                                                				_t25 = LoadLibraryExW(??, ??, ??);
                                                				if (_t36 != 0) goto 0xab2235;
                                                				 *((intOrPtr*)(0x7ff600a70000 + 0xc58b8 + _t58 * 8)) = _t36 | 0xffffffff;
                                                				if (__rdx + 4 != __r8) goto 0xab2186;
                                                				return _t25;
                                                			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                • String ID: api-ms-
                                                • API String ID: 2559590344-2084034818
                                                • Opcode ID: a1a40e21a294fcb37a97141da572b959e0a6d100407631ac653ade7ac44b29d4
                                                • Instruction ID: b8b650ba5d3417fc10e9c116fb1fe178d8cd5fa1b962172295b2d4af5d232e21
                                                • Opcode Fuzzy Hash: a1a40e21a294fcb37a97141da572b959e0a6d100407631ac653ade7ac44b29d4
                                                • Instruction Fuzzy Hash: 28218532E19A42A1EA558B1698046B962A4FF4ABF0F784235DE2DD77DADF3CF441C300
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 16%
                                                			E00007FF67FF600AECAF0(void* __ecx, long long __rbx, signed int __rcx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                				void* _t31;
                                                				void* _t41;
                                                				intOrPtr _t42;
                                                				void* _t43;
                                                				void* _t76;
                                                				void* _t79;
                                                				struct HINSTANCE__* _t80;
                                                
                                                				_t41 = _t76;
                                                				 *((long long*)(_t41 + 8)) = __rbx;
                                                				 *((long long*)(_t41 + 0x10)) = __rbp;
                                                				 *((long long*)(_t41 + 0x18)) = __rsi;
                                                				 *((long long*)(_t41 + 0x20)) = __rdi;
                                                				_t42 =  *((intOrPtr*)(0x7ff600a70000 + 0xc6770 + __rcx * 8));
                                                				if (_t42 == 0) goto 0xaecb31;
                                                				_t43 =  ==  ? 0 : _t42;
                                                				goto 0xaecbd3;
                                                				r8d = 0x800;
                                                				LoadLibraryExW(??, ??, ??);
                                                				if (_t43 != 0) goto 0xaecba2;
                                                				GetLastError();
                                                				if (_t43 != 0x57) goto 0xaecb9f;
                                                				r8d = _t31;
                                                				E00007FF67FF600AE8BC0(_t79);
                                                				if (_t43 == 0) goto 0xaecb9f;
                                                				r8d = _t31;
                                                				E00007FF67FF600AE8BC0(_t79);
                                                				if (_t43 == 0) goto 0xaecb9f;
                                                				r8d = 0;
                                                				LoadLibraryExW(??, ??, ??);
                                                				goto 0xaecba2;
                                                				if (0 != 0) goto 0xaecbb7;
                                                				 *((intOrPtr*)(0x7ff600a70000 + 0xc6770 + __rcx * 8)) =  *(0x7ff600a70000 + 0xa45a0 + __rcx * 8) | 0xffffffff;
                                                				goto 0xaecbd3;
                                                				_t17 = 0x7ff600a70000 + 0xc6770 + __rcx * 8;
                                                				 *_t17 = 0;
                                                				if ( *_t17 == 0) goto 0xaecbd0;
                                                				return FreeLibrary(_t80);
                                                			}










                                                0x7ff600aecaf0
                                                0x7ff600aecaf3
                                                0x7ff600aecaf7
                                                0x7ff600aecafb
                                                0x7ff600aecaff
                                                0x7ff600aecb12
                                                0x7ff600aecb1f
                                                0x7ff600aecb28
                                                0x7ff600aecb2c
                                                0x7ff600aecb3e
                                                0x7ff600aecb44
                                                0x7ff600aecb50
                                                0x7ff600aecb52
                                                0x7ff600aecb5b
                                                0x7ff600aecb63
                                                0x7ff600aecb6d
                                                0x7ff600aecb74
                                                0x7ff600aecb76
                                                0x7ff600aecb83
                                                0x7ff600aecb8a
                                                0x7ff600aecb8c
                                                0x7ff600aecb94
                                                0x7ff600aecb9d
                                                0x7ff600aecba5
                                                0x7ff600aecbab
                                                0x7ff600aecbb5
                                                0x7ff600aecbba
                                                0x7ff600aecbba
                                                0x7ff600aecbc5
                                                0x7ff600aecbed

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: LibraryLoad$ErrorLast
                                                • String ID: api-ms-$ext-ms-
                                                • API String ID: 3177248105-537541572
                                                • Opcode ID: 729670ac2ff70bf69c496fa058fed09ff1f840dd9a04fd88a69eca2b035bd6f6
                                                • Instruction ID: ef4e5047cfaf7a60e761d44e18150613aca65bf03946637cf637fab864d7905f
                                                • Opcode Fuzzy Hash: 729670ac2ff70bf69c496fa058fed09ff1f840dd9a04fd88a69eca2b035bd6f6
                                                • Instruction Fuzzy Hash: E5219422B2DB42A1EA119B16940557967A4FF49FB4F290635DE2EC77DAEF3DE0028300
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: File$CloseCreateHandleView$MappingSizeUnmap
                                                • String ID:
                                                • API String ID: 1223616889-0
                                                • Opcode ID: 44eef390041ab0d3254c3ea23637240f976756c3bdab72cf0c32cfce08029799
                                                • Instruction ID: f7cb3cd6483fa1c16f6fbda29d03fa04a2b4950bdfae2ad4a1e5a76a8638b4f4
                                                • Opcode Fuzzy Hash: 44eef390041ab0d3254c3ea23637240f976756c3bdab72cf0c32cfce08029799
                                                • Instruction Fuzzy Hash: A531EB3290CA8196E360DB15F45875ABBA0F7C5794F204235EB8983BA9CFBDD445CF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: AddressByteCharFreeLibraryMultiProcWide$FromListLoadMallocPathTask
                                                • String ID: SHGetKnownFolderPath$shell32.dll
                                                • API String ID: 2053887120-2936008475
                                                • Opcode ID: 6836c0180a66f51b892767a2f4edb261c605105233f42f0df6dde0d0d209575c
                                                • Instruction ID: 072daa47091dd4c235882573e00e30e85676e6e80b8bbfdcb7d7581f94d68206
                                                • Opcode Fuzzy Hash: 6836c0180a66f51b892767a2f4edb261c605105233f42f0df6dde0d0d209575c
                                                • Instruction Fuzzy Hash: 3A117336B4CB52A4EA04CB56E814476A760AF8ABD0F644031DD4E837ADDF3DF545C700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                • String ID: CONOUT$
                                                • API String ID: 3230265001-3130406586
                                                • Opcode ID: d717f8b26216eaebd7ffbf007f72761637fddc8fc4ed0ab98288029631c65211
                                                • Instruction ID: 82c146e1223c14dbf2f6e032da01a1840d825f38b87891920cd010cbeba108e3
                                                • Opcode Fuzzy Hash: d717f8b26216eaebd7ffbf007f72761637fddc8fc4ed0ab98288029631c65211
                                                • Instruction Fuzzy Hash: 5D118E21B2CA4296E3509B56E954329B2A0FB89FE4F240234EE5EC7798CF7EE544C740
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                • String ID: CONOUT$
                                                • API String ID: 3230265001-3130406586
                                                • Opcode ID: b5c3cd62564dd62cf5e1f4bbf20f678638a7cb6e74e9e576d757d9a0e26505d5
                                                • Instruction ID: 41fd049f81eb50d4a06ffd1219d6a8ad15bd7634a345ec7b843f417c047eb09a
                                                • Opcode Fuzzy Hash: b5c3cd62564dd62cf5e1f4bbf20f678638a7cb6e74e9e576d757d9a0e26505d5
                                                • Instruction Fuzzy Hash: BA114F36A2CA4297E7509B55E51432963A0FB89BA8F304234EA9F8779CCF3EE455C740
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: OpenService$CloseErrorHandleLastManager
                                                • String ID:
                                                • API String ID: 2659350385-0
                                                • Opcode ID: b8f73b470a324c70786b4371399335781bf08ba8a452c3ffd39a6216c081b46d
                                                • Instruction ID: ae968e6b02f30366224ce381e901d9118cced7e1ef71fde43c314aa974e61121
                                                • Opcode Fuzzy Hash: b8f73b470a324c70786b4371399335781bf08ba8a452c3ffd39a6216c081b46d
                                                • Instruction Fuzzy Hash: 45111C6291CA8192E760DB21F54872AB760FB85784F205234EA8F82BADDF7DE5448B04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 16%
                                                			E00007FF67FF600A8E270(long long __rax, long long __rcx, long long _a8) {
                                                				long long _v24;
                                                				short _v176;
                                                				short _v178;
                                                				short _v180;
                                                				short _v182;
                                                				short _v184;
                                                				long long _v200;
                                                				long long _v208;
                                                				long long _v216;
                                                
                                                				_a8 = __rcx;
                                                				_v184 = 0x5c;
                                                				_v182 = 0x5c;
                                                				_v180 = 0x2e;
                                                				_v178 = 0x5c;
                                                				_v176 = 0;
                                                				E00007FF67FF600ACF3AC(__rax, __rcx, 0x50, _a8);
                                                				_v200 = 0;
                                                				_v208 = 0;
                                                				_v216 = 3;
                                                				r9d = 0;
                                                				r8d = 3;
                                                				CreateFileW(??, ??, ??, ??, ??, ??, ??);
                                                				_v24 = __rax;
                                                				if (_v24 == 0xffffffff) goto 0xa8e310;
                                                				return CloseHandle(??);
                                                			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CloseCreateFileHandle
                                                • String ID: .$\$\$\
                                                • API String ID: 3498533004-3136547729
                                                • Opcode ID: 8ae7af4a803f2688edbea8c35340251d6340ede71dbb525a335b67d5036f9306
                                                • Instruction ID: dde4ed9a8c6cab1735a765a2b589c72b0de2ade9dbb62a682c61e7c09ed33f4d
                                                • Opcode Fuzzy Hash: 8ae7af4a803f2688edbea8c35340251d6340ede71dbb525a335b67d5036f9306
                                                • Instruction Fuzzy Hash: 82010C2252C6C191E330CB50F41879EB6B0FB81364F605238E7A947BD8DFBEC5498B44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 19%
                                                			E00007FF67FF600A7B030(long long __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, void* _a32, void* _a40) {
                                                				void* _v20;
                                                				void* _v24;
                                                				signed short _v28;
                                                				long long _v32;
                                                				long long _v40;
                                                				long long _v48;
                                                				void* _v52;
                                                				long long _v56;
                                                				long long _v64;
                                                				long long _v72;
                                                				long long _v80;
                                                				long long _v88;
                                                				long long _v96;
                                                				long long _v104;
                                                				long long _v120;
                                                				long long _v128;
                                                				long long _v136;
                                                				void* _t114;
                                                				void* _t115;
                                                				long long _t125;
                                                				long long _t131;
                                                				long long _t140;
                                                				signed long long _t145;
                                                				void* _t191;
                                                
                                                				_t125 = __rax;
                                                				_a32 = __r9;
                                                				_a24 = __r8;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				_v96 = 0;
                                                				_v120 = 0;
                                                				_v128 = 0;
                                                				_v136 = 3;
                                                				r9d = 0;
                                                				r8d = 1;
                                                				 *((intOrPtr*)(__rax)) =  *((intOrPtr*)(__rax));
                                                				CreateFileW(??, ??, ??, ??, ??, ??, ??);
                                                				_v104 = __rax;
                                                				if (_v104 == 0xffffffff) goto 0xa7b358;
                                                				_v128 = 0;
                                                				_v136 = 0;
                                                				r9d = 0;
                                                				r8d = 2;
                                                				CreateFileMappingW(??, ??, ??, ??, ??, ??);
                                                				_v88 = __rax;
                                                				if (_v88 == 0) goto 0xa7b34d;
                                                				_v136 = 0;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				MapViewOfFile(??, ??, ??, ??, ??);
                                                				_v88 = __rax;
                                                				if (_v88 == 0) goto 0xa7b342;
                                                				E00007FF67FF600A7BE00(__rax, _v88);
                                                				_v80 = _t125;
                                                				if (_v80 == 0) goto 0xa7b337;
                                                				if (( *(_v80 + 0x18) & 0x0000ffff) != 0x20b) goto 0xa7b13d;
                                                				_v64 =  *((intOrPtr*)(_v80 + 0x88));
                                                				goto 0xa7b149;
                                                				_t131 =  *((intOrPtr*)(_v80 + 0x78));
                                                				_v64 = _t131;
                                                				E00007FF67FF600A7C090(_t115, _v80, __rax);
                                                				_v72 = _v88 + _t131;
                                                				if (_v72 == 0) goto 0xa7b337;
                                                				E00007FF67FF600A7C090(_t115, _v80);
                                                				_v56 = _v88 + _v72;
                                                				 *(_t191 + 0x74) = 0;
                                                				 *(_t191 + 0x74) =  *(_t191 + 0x74) + 1;
                                                				if ( *(_t191 + 0x74) -  *((intOrPtr*)(_v72 + 0x18)) >= 0) goto 0xa7b2ef;
                                                				_t140 =  *((intOrPtr*)(_v56 +  *(_t191 + 0x74) * 4));
                                                				_v40 = _t140;
                                                				E00007FF67FF600A7C090(_t115, _v80);
                                                				_v48 = _v88 + _t140;
                                                				 *(_t191 + 0x8c) = 0;
                                                				goto 0xa7b217;
                                                				 *(_t191 + 0x8c) =  *(_t191 + 0x8c) + 1;
                                                				if ( *(_t191 + 0x8c) - _a32 >= 0) goto 0xa7b2ea;
                                                				_t145 =  *(_t191 + 0x8c);
                                                				E00007FF67FF600ACF440(_t114, _t115, _v48,  *((intOrPtr*)(_a16 + _t145 * 8)));
                                                				if (_t145 != 0) goto 0xa7b2e5;
                                                				_v28 = E00007FF67FF600A7C090(_t115, _v80);
                                                				E00007FF67FF600A7C090(_t115, _v80);
                                                				_v32 =  *((intOrPtr*)(_v88 + _v72 + (_v28 & 0x0000ffff) * 4));
                                                				 *((long long*)(_a24 +  *(_t191 + 0x8c) * 8)) = _a8 + _v32;
                                                				_v104 = 1;
                                                				goto 0xa7b2ea;
                                                				goto 0xa7b206;
                                                				goto L1;
                                                				if (_v104 == 0) goto 0xa7b337;
                                                				 *(__rsp + 0x74) = 0;
                                                				goto 0xa7b30b;
                                                				 *(__rsp + 0x74) =  *(__rsp + 0x74) + 1;
                                                				 *(__rsp + 0x74) =  *(__rsp + 0x74) + 1;
                                                				__rax = _a32;
                                                				if ( *(__rsp + 0x74) - _a32 >= 0) goto 0xa7b337;
                                                				__rax =  *(__rsp + 0x74);
                                                				__rcx = _a24;
                                                				if ( *((long long*)(_a24 +  *(__rsp + 0x74) * 8)) != 0) goto 0xa7b335;
                                                				_v104 = 0;
                                                				goto 0xa7b337;
                                                				goto 0xa7b300;
                                                				__rcx = _v88;
                                                				__eax = UnmapViewOfFile(??);
                                                				__rcx = _v96;
                                                				__eax = CloseHandle(??);
                                                				__rcx =  *((intOrPtr*)(__rsp + 0x40));
                                                				__eax = CloseHandle(??);
                                                				__rax = _v104;
                                                				return __eax;
                                                			}

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: File$CloseCreateHandleView$MappingUnmap
                                                • String ID:
                                                • API String ID: 3514913828-0
                                                • Opcode ID: 2b2a4651955cb8a803e460c80734e3954aaf762fe0bbebcf8132833e4edeff40
                                                • Instruction ID: a50d4204df8880ecea7bcfd40225d93d24504115c492953e966fc80351c8cd40
                                                • Opcode Fuzzy Hash: 2b2a4651955cb8a803e460c80734e3954aaf762fe0bbebcf8132833e4edeff40
                                                • Instruction Fuzzy Hash: 9991C57261C68186E760CB19E85476AB7A0F7C8B94F204135EA8D87BADDF3CE841CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CriticalErrorLastQuerySectionVirtual$EnterLeave
                                                • String ID:
                                                • API String ID: 884135157-0
                                                • Opcode ID: 1326d8e801c6d50af600bd4ad5827215f45925f5120db184bb4aaa036eb55607
                                                • Instruction ID: a6f747c91747019cc8f28ea18ee98cd11cf0516ca187057174261a116df33edc
                                                • Opcode Fuzzy Hash: 1326d8e801c6d50af600bd4ad5827215f45925f5120db184bb4aaa036eb55607
                                                • Instruction Fuzzy Hash: 1B710B66618B4596EB60CB19E48437EA7A4F7C9B80FA44136DA8E837BDCF3DD440CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 55%
                                                			E00007FF67FF600A74FF0(void* __ecx, void* __edi, void* __esi, void* __esp, long long __rax, long long _a8) {
                                                				char _v72;
                                                				long long _v84;
                                                				void* _v92;
                                                				void* _v100;
                                                				long long _v104;
                                                				void* _v108;
                                                				long long _v112;
                                                				signed long long _v116;
                                                				signed int _v120;
                                                				void* _v124;
                                                				signed long long _v128;
                                                				long long _v136;
                                                				void* _v140;
                                                				long long _v144;
                                                				long long _v148;
                                                				long long _v152;
                                                				void* _v156;
                                                				signed char _t61;
                                                				signed char _t62;
                                                				void* _t66;
                                                				signed long long _t87;
                                                				signed long long _t90;
                                                				intOrPtr* _t100;
                                                				long long _t101;
                                                				signed long long _t106;
                                                				long long _t108;
                                                				void* _t133;
                                                
                                                				_a8 = _t108;
                                                				E00007FF67FF600A7C6A0(__ecx, _t66, __rax, 0xb07fe0);
                                                				_v152 = __rax;
                                                				E00007FF67FF600A7C6A0(__ecx, _t66, __rax, 0xb07fd0);
                                                				_v136 = __rax;
                                                				_v144 = 0;
                                                				if (_v152 == 0) goto 0xa75228;
                                                				if (_v136 == 0) goto 0xa75228;
                                                				_v120 = 0;
                                                				r8d = 0;
                                                				_v128 = 0;
                                                				_v116 = 0xffffffff;
                                                				if (_v120 != 0) goto 0xa750e4;
                                                				_v120 = 0x10000;
                                                				if (_v120 - 0x400000 >= 0) goto 0xa750e2;
                                                				_v120 = _v120 << 1;
                                                				if (_v128 == 0) goto 0xa750a6;
                                                				LocalFree(??);
                                                				_t87 = _v120;
                                                				 *_t87 =  *_t87 | _t87;
                                                				_v128 = _t87;
                                                				r9d = 0;
                                                				r8d = _v120;
                                                				_v116 = _t87;
                                                				if (_v116 != 0) goto 0xa750e0;
                                                				goto 0xa750e2;
                                                				goto 0xa7507f;
                                                				goto 0xa7511f;
                                                				_v120 = _v120 << 1;
                                                				_t90 = _v120;
                                                				 *_t90 =  *_t90 | _t90;
                                                				_v128 = _t90;
                                                				r9d = 0;
                                                				r8d = _v120;
                                                				_v116 = _t90;
                                                				if (_v116 != 0) goto 0xa75212;
                                                				_v112 = _v128;
                                                				if (0 == 1) goto 0xa75212;
                                                				if ( *((intOrPtr*)(_v112 + 0x50)) != _a8) goto 0xa751ea;
                                                				if ( *((long long*)(_v112 + 4)) <= 0) goto 0xa751e8;
                                                				_t61 = GetVersion();
                                                				if ((_t61 & 0x000000ff) - 4 <= 0) goto 0xa75185;
                                                				_v104 =  *((intOrPtr*)(_v112 + 0x130));
                                                				goto 0xa75196;
                                                				_v104 =  *((intOrPtr*)(_v112 + 0x100));
                                                				_t100 =  &_v72;
                                                				_t62 = _t61 & 0x00000058;
                                                				 *_t100 =  *_t100 + _t62;
                                                				 *_t100 =  *_t100 + _t62;
                                                				_t101 = _v104;
                                                				 *((long long*)(_t133 - 0xa8 + 0x60)) = _t101;
                                                				if (_t101 != 0) goto 0xa751e8;
                                                				_v148 = _v84;
                                                				goto 0xa75212;
                                                				if ( *_v116 != 0) goto 0xa751f6;
                                                				goto 0xa75212;
                                                				_t106 = _v116 +  *_v116;
                                                				_v116 = _t106;
                                                				goto 0xa75134;
                                                				LocalFree(0x302454ff);
                                                				if (_t106 == 0) goto 0xa75228;
                                                				return GetLastError();
                                                			}


                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Local$AllocFree$ErrorLastVersion
                                                • String ID:
                                                • API String ID: 1042959361-0
                                                • Opcode ID: 3f89e54b6591f063de4d92e7e2251cf8ab641336408488c6718242e43d63fe02
                                                • Instruction ID: 3c347c9a7324172e6647e41c56b857cab260789d0bb072ae28b37405536ba1e4
                                                • Opcode Fuzzy Hash: 3f89e54b6591f063de4d92e7e2251cf8ab641336408488c6718242e43d63fe02
                                                • Instruction Fuzzy Hash: AC612C32A1DA8196E7609B25E84436AB7B0F7C5795F608135EB8E83BADCF7DD444CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 29%
                                                			E00007FF67FF600A98DC0(void* __edi, void* __esi, void* __esp, long long __rcx, signed long long __rdx, long long __r8, long long _a8, signed long long _a16, long long _a24) {
                                                				void* _v24;
                                                				long long _v32;
                                                				void* _v40;
                                                				long long _v312;
                                                				signed int _v320;
                                                				signed int _v328;
                                                				char _v600;
                                                				long long _v616;
                                                				long long _v632;
                                                				signed int _t71;
                                                				void* _t72;
                                                				void* _t83;
                                                				signed long long _t114;
                                                				signed long long _t115;
                                                				long long _t117;
                                                				long long _t119;
                                                				long long _t125;
                                                				void* _t153;
                                                
                                                				_a24 = __r8;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				_v616 = 0;
                                                				if (( *(_a8 + 0x71) & 0x000000ff) == 0) goto 0xa99087;
                                                				if (( *(_a8 + 0x73) & 0x000000ff) != 0) goto 0xa99087;
                                                				_t71 = E00007FF67FF600A87240(_a8, 0xb0d0cc, 0xb0d0e4,  *((intOrPtr*)(_a8 + 0x78)),  &_v600);
                                                				if (_a16 != 0) goto 0xa98e43;
                                                				_v32 = 1;
                                                				goto 0xa98e4e;
                                                				_v32 = 0;
                                                				_v328 = _t71;
                                                				_t114 = _v328 & 0x000000ff;
                                                				if (_t114 == 0) goto 0xa98e7b;
                                                				_t72 = E00007FF67FF600A86820( &_v600);
                                                				_a16 = _t114;
                                                				if (_a16 == 0) goto 0xa99087;
                                                				_t115 = _v328 & 0x000000ff;
                                                				if (_t115 == 0) goto 0xa98eaa;
                                                				 *_t115 =  *_t115 + _t72;
                                                				WaitForSingleObject(??, ??);
                                                				_t117 = _a8;
                                                				E00007FF67FF600A87240(_t117, 0xb0d0d8, 0xb0d0e4,  *((intOrPtr*)(_t117 + 0x78)),  &_v312);
                                                				if (_a24 != 0) goto 0xa98ef8;
                                                				asm("pushad");
                                                				 *_t117 =  *_t117 + _t117;
                                                				asm("and al, 0xfe");
                                                				asm("invalid");
                                                				_v24 = _t117;
                                                				goto 0xa98f04;
                                                				_v24 = 0;
                                                				_v320 = _v24;
                                                				if (_a24 != 0) goto 0xa98f2e;
                                                				if (_v320 == 0) goto 0xa99052;
                                                				if (_a24 != 0) goto 0xa98f63;
                                                				_v632 = 0;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				_pop(_t119);
                                                				 *_t119 =  *_t119 + _t119;
                                                				dil = dil + dil;
                                                				asm("adc eax, 0x6e3bd");
                                                				 *((long long*)(_t153 + 0x2b0)) = _t119;
                                                				if ( *((long long*)(_t153 + 0x2b0)) == 0) goto 0xa98fa2;
                                                				E00007FF67FF600A98760(__edi, __esi, __esp, _a16,  *((intOrPtr*)(_t153 + 0x2b0)));
                                                				 *((long long*)(_t153 + 0x30)) = _t119;
                                                				if (_v312 == 0) goto 0xa98fa2;
                                                				UnmapViewOfFile(??);
                                                				if (_v312 == 0) goto 0xa98fbb;
                                                				CloseHandle(??);
                                                				if ( *((long long*)(_t153 + 0x30)) == 0) goto 0xa99052;
                                                				if (( *(_a16 + 0x75) & 0x000000ff) == 0) goto 0xa99052;
                                                				_v32 = 0;
                                                				if (( *(_a16 + 0x74) & 0x000000ff) == 0) goto 0xa9900c;
                                                				_t125 = _a16;
                                                				E00007FF67FF600A885C0(_t125,  *((intOrPtr*)(_t125 + 0x68)));
                                                				_v32 = _t125;
                                                				if (( *(_a16 + 0x74) & 0x000000ff) == 0) goto 0xa99027;
                                                				if (_v32 == 0) goto 0xa99052;
                                                				E00007FF67FF600A88920(_t83,  *((intOrPtr*)(_a16 + 0x68)),  *((intOrPtr*)(_a16 + 0x78)),  *((intOrPtr*)(_t153 + 0x30)), _v32);
                                                				if ((_v320 & 0x000000ff) == 0) goto 0xa9906d;
                                                				ReleaseMutex(??);
                                                				if ((_v320 & 0x000000ff) == 0) goto 0xa99087;
                                                				return CloseHandle(??);
                                                			}


                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: lstrcat$CloseFileHandleView$CurrentMutexObjectProcessReleaseSingleUnmapWaitlstrcpy
                                                • String ID:
                                                • API String ID: 658288151-0
                                                • Opcode ID: d40c4f235f58e21f0fe8de472b0930d9883dff4a74c97d06ddae8d2fe58b7745
                                                • Instruction ID: a3822cc339f1a05d7fda06538f83106ee9e27c3a38a10e71369fd5ec6a427b7d
                                                • Opcode Fuzzy Hash: d40c4f235f58e21f0fe8de472b0930d9883dff4a74c97d06ddae8d2fe58b7745
                                                • Instruction Fuzzy Hash: 3271D92270CAC5A5EB719B15E4983AB77A4FBC6740F600135D6DD86BAACF3DD444CB01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 27%
                                                			E00007FF67FF600A9F290(void* __rax, long long __rcx, long long __rdx, long long _a8, long long _a16) {
                                                				long long _v24;
                                                				long long _v28;
                                                				void* _v32;
                                                				long long _v36;
                                                				long long _v40;
                                                				signed long long _v48;
                                                				signed int _v56;
                                                				long _t47;
                                                				long _t50;
                                                				signed char _t52;
                                                				signed char _t53;
                                                				void* _t58;
                                                				signed long long _t67;
                                                				signed long long _t68;
                                                				signed long long _t69;
                                                				signed long long _t70;
                                                				void* _t105;
                                                				long long _t106;
                                                				void* _t107;
                                                
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				_v24 = _t106;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				_v56 = E00007FF67FF600A9F480(__rax, _a8, _a16, _t107);
                                                				_t67 = _v56 & 0x000000ff;
                                                				if (_t67 != 0) goto 0xa9f437;
                                                				dil = dil + dil;
                                                				asm("adc eax, 0x67f5f");
                                                				_v48 = _t67;
                                                				r8d = 0x8000;
                                                				_t47 = GetModuleFileNameW(??, ??, ??);
                                                				if (_t67 != 0) goto 0xa9f30e;
                                                				_v40 = 0;
                                                				E00007FF67FF600AA828C(_t47, _v24, E00007FF67FF600A9F43E);
                                                				r9b = 1;
                                                				_v56 = E00007FF67FF600A9F480(_t67, _a8, _a16, _v48);
                                                				_t68 = _v56 & 0x000000ff;
                                                				if (_t68 != 0) goto 0xa9f42c;
                                                				r8d = 0x8000;
                                                				_t50 = GetModuleFileNameW(??, ??, ??);
                                                				if (_t68 != 0) goto 0xa9f36b;
                                                				_v36 = 0;
                                                				E00007FF67FF600AA828C(_t50, _v24, E00007FF67FF600A9F444);
                                                				r9b = 1;
                                                				_t52 = E00007FF67FF600A9F480(_t68, _a8, _a16, _v48);
                                                				_v56 = _t52;
                                                				_t69 = _v56 & 0x000000ff;
                                                				if (_t69 != 0) goto 0xa9f42c;
                                                				asm("push es");
                                                				 *((intOrPtr*)(_t105 - 0x38e68a40)) =  *((intOrPtr*)(_t105 - 0x38e68a40)) + _t52;
                                                				_t53 = _t52 & 0x00000038;
                                                				 *_t69 =  *_t69 + _t53;
                                                				 *_t69 =  *_t69 + _t53;
                                                				E00007FF67FF600AA828C(_t53, _v24, E00007FF67FF600A9F44A);
                                                				r9d = 0;
                                                				_v56 = E00007FF67FF600A9F480(_t69, _a8, _a16, _v48);
                                                				_t70 = _v56 & 0x000000ff;
                                                				if (_t70 != 0) goto 0xa9f42c;
                                                				dil = 0;
                                                				asm("adc eax, 0x68064");
                                                				if (_t70 != 0) goto 0xa9f411;
                                                				_v28 = 0;
                                                				E00007FF67FF600AA828C(_t55, _v24, E00007FF67FF600A9F450);
                                                				r9d = 0;
                                                				_v56 = E00007FF67FF600A9F480(_t70, _a8, _a16, _v48);
                                                				_t58 = LocalFree(??);
                                                				return _t58;
                                                			}






















                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                 • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: File$DirectoryLocalModuleName$AllocAttributesCurrentFreeSystemUnwind
                                                • String ID:
                                                • API String ID: 3934050604-0
                                                • Opcode ID: f2544738a975e200d9cc71525cc8726ee7fa71f728ec5e29cd827fe203469e6f
                                                • Instruction ID: cc5887e721c20c1c6c2c5685d02a7b4c99220f8c0d826b5a75244c10a0d79597
                                                • Opcode Fuzzy Hash: f2544738a975e200d9cc71525cc8726ee7fa71f728ec5e29cd827fe203469e6f
                                                • Instruction Fuzzy Hash: 2F414C2271CA8196EB609B11E45026BBB60FBD9784F205136EACDC7B6EDF2DE5448B40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                 • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: File$CloseCreateHandleView$MappingUnmap
                                                • String ID:
                                                • API String ID: 3514913828-0
                                                • Opcode ID: 3cb3e3de03c7843d770d5fa9dafcd5e1c1800f1705d8779ca91d641f7d036bd1
                                                • Instruction ID: ac1d9b4279a6a46d925f6a34b126418566fbc7f353943e82cd51f2722ef3fbf6
                                                • Opcode Fuzzy Hash: 3cb3e3de03c7843d770d5fa9dafcd5e1c1800f1705d8779ca91d641f7d036bd1
                                                • Instruction Fuzzy Hash: 5351D672A1CB4186E7508B19E89432AB7A0F785B94F204135EB9D83BADDF7DD485CF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                 • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: AllocLocal$FreeVirtual$CreateCurrentFileThread
                                                • String ID: @
                                                • API String ID: 2880960719-2766056989
                                                • Opcode ID: 2a6d4274db3a1a2695e5c2e097a6256f996f59b6a25c104d018fcbfb8917e32c
                                                • Instruction ID: 4ec6282ea3fcb82ac8f638db7acefca5b87135196451116f3884e606c5e687cd
                                                • Opcode Fuzzy Hash: 2a6d4274db3a1a2695e5c2e097a6256f996f59b6a25c104d018fcbfb8917e32c
                                                • Instruction Fuzzy Hash: F941E376629B8586D790CB19E08471AB7A1F789B84F105035FB8E87BA9CF7DD444CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                 • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: AllocLocal$lstrlen
                                                • String ID:
                                                • API String ID: 508594189-0
                                                • Opcode ID: 943f1ed8bbe8407d9f774125ce4ba39fe41f9f214ce9e3803e7c2818f938e998
                                                • Instruction ID: 6b6e17ef4242ea3eadee939c52e4c38dde3b7dea5d1233301c60bac98c3b4e5f
                                                • Opcode Fuzzy Hash: 943f1ed8bbe8407d9f774125ce4ba39fe41f9f214ce9e3803e7c2818f938e998
                                                • Instruction Fuzzy Hash: 27F16477609A45D6DB60CF19E09032AB7A0F7C9B99F204226EB8D87768DF3ED551CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                 • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: File$CloseCreateHandleView$MappingUnmap
                                                • String ID:
                                                • API String ID: 3514913828-0
                                                • Opcode ID: c90248847836166f1803d437283402f3fb44467cf48f788af61c802ceb1b7e94
                                                • Instruction ID: 5348c0ad631c723a26b33462bcaecfd1281bf7424d196d2eb2e44d082b293480
                                                • Opcode Fuzzy Hash: c90248847836166f1803d437283402f3fb44467cf48f788af61c802ceb1b7e94
                                                • Instruction Fuzzy Hash: D0310D72A1CB8182E7608B05F85832AB7A0F7C5BA4F204135EA9D83BADCF7DD444CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                 • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                 • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CurrentProcesslstrlen$DuplicateFreeHandleVirtual
                                                • String ID:
                                                • API String ID: 1334103914-0
                                                • Opcode ID: 0992072e05032f67e9fb9c4fe19b280ff0e1c6b6700c9e1131e9b948b1cb87c4
                                                • Instruction ID: 66f4bf2a1b27bcfb3e3ca44b86c96c152bf59357e77f6ffd816d704da8cfd4ef
                                                • Opcode Fuzzy Hash: 0992072e05032f67e9fb9c4fe19b280ff0e1c6b6700c9e1131e9b948b1cb87c4
                                                • Instruction Fuzzy Hash: A621C672A0CAC196E770CB25E5583EAA7A0FBC9B84F504135DA8E82B59DF7DD544CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 70%
                                                			E00007FF67FF600AE23CC(intOrPtr* __rax, long long __rbx, intOrPtr* __rcx, void* __rdx, signed int __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                                				void* _t24;
                                                				void* _t33;
                                                				short _t36;
                                                				intOrPtr* _t51;
                                                				void* _t73;
                                                				void* _t88;
                                                				void* _t89;
                                                
                                                				_a8 = __rbx;
                                                				_a16 = __rbp;
                                                				_a24 = __rsi;
                                                				_t51 = __rcx;
                                                				 *((intOrPtr*)(__rcx - 0x7bf0fe08)) =  *((intOrPtr*)(__rcx - 0x7bf0fe08)) + _t24;
                                                				asm("stc");
                                                				 *__rax =  *__rax + _t24;
                                                				 *__rcx =  *__rcx + sil;
                                                				 *0xfaf240d =  *0xfaf240d & __rsi;
                                                				 *__rax =  *__rax + _t24;
                                                				 *0xE527E7FFFFFFC1 =  *((intOrPtr*)(0xe527e7ffffffc1)) + _t24;
                                                				asm("adc al, 0x3");
                                                				 *__rax =  *__rax + _t24;
                                                				E00007FF67FF600ACF944(__rax, 0xb35930, __rdx, L"Runtime Error!\n\nProgram: ");
                                                				if (__rax != 0) goto 0xae2514;
                                                				 *0xb35b6a = _t36;
                                                				r8d = 0x104;
                                                				GetModuleFileNameW(??, ??, ??);
                                                				if (__rax != 0) goto 0xae2474;
                                                				E00007FF67FF600ACF944(__rax, 0xb35962, _t73, L"<program name unknown>");
                                                				if (__rax != 0) goto 0xae2514;
                                                				if ( *0x17FE2021A0C26 != _t36) goto 0xae2478;
                                                				if (0x7ff600b35963 - 0x3c <= 0) goto 0xae24b4;
                                                				r9d = 3;
                                                				E00007FF67FF600AF0A34(0xffffffffffffffc5, __rcx, 0x7ff600b358ec, _t73 - 0xffffffffffffffc5, L"...", _t88);
                                                				if (0xffffffffffffffc5 != 0) goto 0xae2514;
                                                				E00007FF67FF600ACF3AC(0xffffffffffffffc5, 0xb35930, _t89, L"\n\n");
                                                				if (0xffffffffffffffc5 != 0) goto 0xae2514;
                                                				_t87 = __rcx;
                                                				E00007FF67FF600ACF3AC(0xffffffffffffffc5, 0xb35930, _t89, __rcx);
                                                				if (0xffffffffffffffc5 != 0) goto 0xae2514;
                                                				r8d = 0x12010;
                                                				E00007FF67FF600AF0D68(_t33, 0xffffffffffffffc5, __rcx, 0xb35930, L"Microsoft Visual C++ Runtime Library", __rsi, 0xb35930, __rcx);
                                                				goto 0xae24fb;
                                                				return E00007FF67FF600AE2324(r14d, _t51, _t87);
                                                			}










                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: FileModuleName
                                                • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                • API String ID: 514040917-4022980321
                                                • Opcode ID: 8476b2117ce05a1c75e836e70cdc8394fdf35f6b0470e19ad4060ed8c9a2881f
                                                • Instruction ID: f341efa20a7719d0e2b6ec21bbfaa53dba7803407758f665b838520b41e90d17
                                                • Opcode Fuzzy Hash: 8476b2117ce05a1c75e836e70cdc8394fdf35f6b0470e19ad4060ed8c9a2881f
                                                • Instruction Fuzzy Hash: 2741E422B08786B1FA24DB22A8106BA6395BF59BD0F640531DD5EC779FEF3CE1058700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Similarity
                                                • API ID: Library$Load$ErrorFreeLast
                                                • String ID: api-ms-
                                                • API String ID: 3813093105-2084034818
                                                • Opcode ID: 8b6e75949f58db612957e09311ee977c6b5f31d9505b1f002d9f1b8d4252d1e5
                                                • Instruction ID: 411d9cfff31a78cef02221e275da74a8bd1126fcd983ba93173e8d6676c69ff4
                                                • Opcode Fuzzy Hash: 8b6e75949f58db612957e09311ee977c6b5f31d9505b1f002d9f1b8d4252d1e5
                                                • Instruction Fuzzy Hash: E721A432F0EA06A1EE55CB1698105796294FF4ABB0FB94630DE2D967DBDF3CF4418600
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Similarity
                                                • API ID: Library$Load$ErrorFreeLast
                                                • String ID: api-ms-
                                                • API String ID: 3813093105-2084034818
                                                • Opcode ID: 69cb304bbf9fe3be93aca6fc248ac55b28f9e948a7868dc8c3ecbe563068534f
                                                • Instruction ID: 32deb51dfceb0d47348b5a39739d97479009a1cd9f182fe13ef6f87d45618ea7
                                                • Opcode Fuzzy Hash: 69cb304bbf9fe3be93aca6fc248ac55b28f9e948a7868dc8c3ecbe563068534f
                                                • Instruction Fuzzy Hash: CD21B332A1DB45A1EA55DB1AA80027562A4EF4ABB0F681335DE2D877DADF3CF4418300
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Similarity
                                                • API ID: Event$Source$DeregisterErrorLastRegisterReport
                                                • String ID: %s failed with %d
                                                • API String ID: 544316925-2221204676
                                                • Opcode ID: ae354b54d0a053aa9c78a7a59c2db9947c41ba4d999c66adea2e7433fa162965
                                                • Instruction ID: a00b6ca1b8aa1ccc980e702bdce8e527c40ed54b26190af1d6e320372e6d4a64
                                                • Opcode Fuzzy Hash: ae354b54d0a053aa9c78a7a59c2db9947c41ba4d999c66adea2e7433fa162965
                                                • Instruction Fuzzy Hash: 39115E32A0CB8296EB648B51F45076AB361FB89794F600135EA8E83B59EF7DE054CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Similarity
                                                • API ID: Library$AddressFreeLoadProc
                                                • String ID: SHGetSpecialFolderPathA$shell32.dll
                                                • API String ID: 145871493-543337301
                                                • Opcode ID: 48038298fa4e4a897699d34aa3392eca7e6af670055d6a60be4e7cd13607ca12
                                                • Instruction ID: ae4644b0a7d6f51b94ace8ed10632a666d46e7415142ea8aa4ae14ea2aee1ea2
                                                • Opcode Fuzzy Hash: 48038298fa4e4a897699d34aa3392eca7e6af670055d6a60be4e7cd13607ca12
                                                • Instruction Fuzzy Hash: 48017C31B1DB4191EA148B22B55012AB3A0BB4ABC0F984035EE9E93B98DF3DE445C700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Similarity
                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                • String ID: CorExitProcess$mscoree.dll
                                                • API String ID: 4061214504-1276376045
                                                • Opcode ID: 5207963e5b6572dfa8f1c41e11260b4a07593f375f72dac7e61a7dd2015bac91
                                                • Instruction ID: b7c1f7b66727625b76fb2e780db60f6d96d709183191f018a79eae50ac63f956
                                                • Opcode Fuzzy Hash: 5207963e5b6572dfa8f1c41e11260b4a07593f375f72dac7e61a7dd2015bac91
                                                • Instruction Fuzzy Hash: 94F08261F1DA42A1EF448F21E88037563A0EF58B85FA41035D50FC63A9EF2EE588C310
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Similarity
                                                • API ID: File$CloseCreateExitHandleProcessWrite
                                                • String ID: c:\desktop\code.dat
                                                • API String ID: 3216412542-211762198
                                                • Opcode ID: 88a040865d47ccb5b6662c7254e6a461bdfa846805d1c7dc0c63c4ad991728b9
                                                • Instruction ID: 94875065e9c8416616f5a2e7cb378eb8d01a25ca34d4255d8a53100a460d81fe
                                                • Opcode Fuzzy Hash: 88a040865d47ccb5b6662c7254e6a461bdfa846805d1c7dc0c63c4ad991728b9
                                                • Instruction Fuzzy Hash: F2F0E132A1CA42A1E710CB24F85476A7770FB85744F601535D54E82769CF3EE149CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 48%
                                                			E00007FF67FF600B02F68(void* __ebx, signed int __ecx, long long* __rax, long long __rbx, long long __rdx, long long __r9, char _a8, long long _a16, long long _a24, intOrPtr _a32) {
                                                				signed long long _v72;
                                                				long long _v80;
                                                				signed int _v88;
                                                				signed long long _v96;
                                                				void* _v104;
                                                				unsigned long long _v120;
                                                				signed char _t124;
                                                				intOrPtr _t136;
                                                				int _t143;
                                                				void* _t144;
                                                				char _t155;
                                                				char _t156;
                                                				short _t158;
                                                				unsigned long long _t163;
                                                				void* _t164;
                                                				signed int _t166;
                                                				void* _t169;
                                                				signed long long _t210;
                                                				signed long long _t211;
                                                				signed long long _t212;
                                                				signed long long _t213;
                                                				intOrPtr _t218;
                                                				intOrPtr _t220;
                                                				short* _t226;
                                                				long long* _t228;
                                                				signed long long _t233;
                                                				void* _t235;
                                                				intOrPtr _t242;
                                                				signed long long _t258;
                                                				unsigned long long _t275;
                                                				void* _t277;
                                                				void* _t278;
                                                				signed long long _t286;
                                                				signed long long _t287;
                                                				unsigned long long _t288;
                                                				intOrPtr* _t290;
                                                				void* _t296;
                                                				short* _t298;
                                                				unsigned long long _t301;
                                                				signed long long _t302;
                                                				signed long long _t304;
                                                				char* _t305;
                                                				char* _t306;
                                                
                                                				_a24 = __rbx;
                                                				_a16 = __rdx;
                                                				r13d = r8d;
                                                				if (r12d != 0xfffffffe) goto 0xb02fa9;
                                                				E00007FF67FF600AE8CE4(__rax);
                                                				 *__rax = 0;
                                                				E00007FF67FF600AE8D04(__rax);
                                                				 *__rax = 9;
                                                				goto 0xb033a3;
                                                				if (_t235 < 0) goto 0xb0338c;
                                                				_t169 = r12d -  *0xb36760; // 0x40
                                                				if (_t169 >= 0) goto 0xb0338c;
                                                				r9d = 1;
                                                				_t210 = __ecx & 0x0000003f;
                                                				_v80 = __r9;
                                                				_t286 = __ecx >> 6;
                                                				_v88 = _t286;
                                                				_t302 = _t210 + _t210 * 8;
                                                				if ((r9b &  *(0xb36360 + 0x38 + _t302 * 8)) == 0) goto 0xb0338c;
                                                				if (r13d - 0x7fffffff <= 0) goto 0xb03018;
                                                				E00007FF67FF600AE8CE4(_t210);
                                                				 *_t210 = 0;
                                                				_t124 = E00007FF67FF600AE8D04(_t210);
                                                				 *_t210 = 0x16;
                                                				goto 0xb0339e;
                                                				if (r13d == 0) goto 0xb03388;
                                                				if ((_t124 & 0x00000002) != 0) goto 0xb03388;
                                                				if (__rdx == 0) goto 0xb03001;
                                                				r11d =  *((char*)(0xb36360 + 0x39 + _t302 * 8));
                                                				_t211 =  *((intOrPtr*)( *((intOrPtr*)(0xb36360 + _t286 * 8)) + 0x28 + _t302 * 8));
                                                				_v96 = _t211;
                                                				if (r11d != r9d) goto 0xb03081;
                                                				_t212 =  !_t211;
                                                				if ((r9b & r13d) != 0) goto 0xb03081;
                                                				E00007FF67FF600AE8CE4(_t212);
                                                				 *_t212 = 0;
                                                				E00007FF67FF600AE8D04(_t212);
                                                				 *_t212 = 0x16;
                                                				E00007FF67FF600ACE12C();
                                                				goto 0xb0321c;
                                                				goto 0xb03117;
                                                				_t213 =  !_t212;
                                                				if ((r9b & r13d) == 0) goto 0xb03065;
                                                				_t166 = r13d;
                                                				_t277 =  <  ? 0x4 : _t275 >> 1;
                                                				E00007FF67FF600AE8BEC(_t213, _t277);
                                                				_t233 = _t213;
                                                				E00007FF67FF600AE8E1C(_t213, 0);
                                                				E00007FF67FF600AE8E1C(_t213, 0);
                                                				_t304 = _t233;
                                                				if (_t233 != 0) goto 0xb030e2;
                                                				E00007FF67FF600AE8D04(_t213);
                                                				 *_t213 = 0xc;
                                                				E00007FF67FF600AE8CE4(_t213);
                                                				 *_t213 = 8;
                                                				goto 0xb0321c;
                                                				r8d = 1;
                                                				0xb02044();
                                                				_t287 = _v88;
                                                				r11b = _a8;
                                                				r9d = 1;
                                                				 *( *((intOrPtr*)(0xb36360 + _t287 * 8)) + 0x30 + _t302 * 8) = _t213;
                                                				_t242 =  *((intOrPtr*)(0xb36360 + _t287 * 8));
                                                				_v72 = _t304;
                                                				r10d = 0xa;
                                                				if (( *(_t242 + 0x38 + _t302 * 8) & 0x00000048) == 0) goto 0xb031a6;
                                                				_t136 =  *((intOrPtr*)(_t242 + 0x3a + _t302 * 8));
                                                				if (_t136 == r10b) goto 0xb031a6;
                                                				if (_t277 == 0) goto 0xb031a6;
                                                				 *_t304 = _t136;
                                                				_t278 = _t277 - 1;
                                                				_t305 = _t304 + __r9;
                                                				 *((intOrPtr*)( *((intOrPtr*)(0xb36360 + _t287 * 8)) + 0x3a + _t302 * 8)) = r10b;
                                                				if (r11b == 0) goto 0xb031a6;
                                                				_t155 =  *((intOrPtr*)( *((intOrPtr*)(0xb36360 + _t287 * 8)) + 0x3b + _t302 * 8));
                                                				if (_t155 == r10b) goto 0xb031a6;
                                                				if (_t278 == 0) goto 0xb031a6;
                                                				 *_t305 = _t155;
                                                				_t306 = _t305 + __r9;
                                                				 *((intOrPtr*)( *((intOrPtr*)(0xb36360 + _t287 * 8)) + 0x3b + _t302 * 8)) = r10b;
                                                				if (r11b != r9b) goto 0xb031a6;
                                                				_t156 =  *((intOrPtr*)( *((intOrPtr*)(0xb36360 + _t287 * 8)) + 0x3c + _t302 * 8));
                                                				if (_t156 == r10b) goto 0xb031a6;
                                                				if (_t278 - 1 == 0) goto 0xb031a6;
                                                				 *_t306 = _t156;
                                                				_t163 = __rdx - 7;
                                                				_t218 =  *((intOrPtr*)(0xb36360 + _t287 * 8));
                                                				 *((intOrPtr*)(_t218 + 0x3c + _t302 * 8)) = r10b;
                                                				E00007FF67FF600AFCD74(r12d, _t218);
                                                				if (_t218 == 0) goto 0xb0323a;
                                                				_t220 =  *((intOrPtr*)(0xb36360 + _v88 * 8));
                                                				if ( *((intOrPtr*)(_t220 + 0x38 + _t302 * 8)) - sil >= 0) goto 0xb0323a;
                                                				GetConsoleMode(??, ??);
                                                				if (_t220 == 0) goto 0xb0323a;
                                                				if (_a8 != 2) goto 0xb0323f;
                                                				r8d = _t166;
                                                				_v120 = 0;
                                                				ReadConsoleW(??, ??, ??, ??, ??);
                                                				if (_t220 != 0) goto 0xb0322e;
                                                				GetLastError();
                                                				E00007FF67FF600AE8C94(r12d, _t220, _t233);
                                                				E00007FF67FF600AE8E1C(_t220, _t233);
                                                				goto 0xb033a6;
                                                				goto 0xb0327a;
                                                				_v80 = sil;
                                                				r8d = _t166;
                                                				_v120 = 0;
                                                				_t143 = ReadFile(??, ??, ??, ??, ??);
                                                				if (_a32 == 0) goto 0xb03352;
                                                				if (_a32 - r13d > 0) goto 0xb03352;
                                                				if ( *((intOrPtr*)( *((intOrPtr*)(0xb36360 + _v88 * 8)) + 0x38 + _t302 * 8)) - sil >= 0) goto 0xb0321f;
                                                				_t288 = _t163;
                                                				if (_a8 == 2) goto 0xb032c3;
                                                				_t258 = _t306 + __r9;
                                                				_t158 = r12d;
                                                				_v120 = _t301 >> 1;
                                                				_t144 = E00007FF67FF600B02A9C(_t143, __ebx, _t158, _t164, _t258, _t288, _a16);
                                                				goto 0xb0321f;
                                                				if (_v80 == sil) goto 0xb03340;
                                                				_t298 = _v72;
                                                				_t226 = _t298;
                                                				_t296 = _t298 + (_t288 >> 1) * 2;
                                                				if (_t298 - _t296 >= 0) goto 0xb03333;
                                                				if (_v96 == 0x1a) goto 0xb03329;
                                                				if (_t158 != 0xd) goto 0xb0330f;
                                                				_t290 = _t226 + 2;
                                                				if (_t290 - _t296 >= 0) goto 0xb0330f;
                                                				if ( *_t290 != _t164) goto 0xb0330f;
                                                				r8d = 4;
                                                				goto 0xb03315;
                                                				r8d = 2;
                                                				 *_t298 = _t158;
                                                				if (_t226 + _t290 - _t296 < 0) goto 0xb032e6;
                                                				goto 0xb03333;
                                                				_t228 =  *((intOrPtr*)(0xb36360 + _t258 * 8));
                                                				 *(_t228 + 0x38 + _t302 * 8) =  *(_t228 + 0x38 + _t302 * 8) | 0x00000002;
                                                				goto 0xb0321f;
                                                				E00007FF67FF600B027EC(_t144, r12d, _v72, _t298 + 2);
                                                				goto 0xb032bc;
                                                				GetLastError();
                                                				if (_t228 != 5) goto 0xb03378;
                                                				E00007FF67FF600AE8D04(_t228);
                                                				 *_t228 = 9;
                                                				E00007FF67FF600AE8CE4(_t228);
                                                				 *_t228 = 5;
                                                				goto 0xb0321c;
                                                				if (_t228 != 0x6d) goto 0xb03215;
                                                				goto 0xb0321f;
                                                				goto 0xb033a6;
                                                				E00007FF67FF600AE8CE4(0);
                                                				 *0x00000000 = 0xa;
                                                				E00007FF67FF600AE8D04(0);
                                                				 *0x00000000 = 9;
                                                				return E00007FF67FF600ACE12C();
                                                			}


                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8de9dde6a4ec6fd4bb5eb3c3e81f24ebe1f9a6bd453d89836bb36ed6c551d285
                                                • Instruction ID: 1f45fef7055daeecd2166e640ef24bce32ce5428f93a5a4d9b08fbf6d71f0f59
                                                • Opcode Fuzzy Hash: 8de9dde6a4ec6fd4bb5eb3c3e81f24ebe1f9a6bd453d89836bb36ed6c551d285
                                                • Instruction Fuzzy Hash: A1C11722A0C78671E7619B1596482BD77A9FB92F80F744131DA4F8339ADF3EE955C300
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: ErrorLast$CriticalEnterFreeSectionVirtual
                                                • String ID:
                                                • API String ID: 1835248585-0
                                                • Opcode ID: c31a8010bdb861f2f6c2ed30234b31153301086dfd92d7fad143fdee6d0b9124
                                                • Instruction ID: 4864495c114658ed1131ee68d0c55bc4d848d26b8beb77d8324ae7255d092a20
                                                • Opcode Fuzzy Hash: c31a8010bdb861f2f6c2ed30234b31153301086dfd92d7fad143fdee6d0b9124
                                                • Instruction Fuzzy Hash: 06F1E57650DBC296E7B08B15E0843AAB7A4F789784F20013ADB8D87B99DF7DD484CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: Message$MultipleObjectsWait$DispatchPeekTranslate
                                                • String ID:
                                                • API String ID: 4084795276-0
                                                • Opcode ID: a53f720bcb1516caa89051093f823b247e6cd188066e7f7c88d85390fee3e598
                                                • Instruction ID: 41537a846dc2784e4305c29243798e6e14f6a59d45f73c7b23bf347889286421
                                                • Opcode Fuzzy Hash: a53f720bcb1516caa89051093f823b247e6cd188066e7f7c88d85390fee3e598
                                                • Instruction Fuzzy Hash: 45311E3295D6C196F3618B28E84876ABAA0FB81344F244035D6CE86BADCF7DD048DF11
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: ErrorLast$CloseCodeExitHandleObjectSingleThreadWait
                                                • String ID:
                                                • API String ID: 2634376094-0
                                                • Opcode ID: 0084dbdca0eaf532ba7127690b1a6e1577e3ba9f6061e9a6529d54463a162ca3
                                                • Instruction ID: e312a3499b2e15bb6f41301aa148e871dc76c8e25b9060d331bd30055b5b2715
                                                • Opcode Fuzzy Hash: 0084dbdca0eaf532ba7127690b1a6e1577e3ba9f6061e9a6529d54463a162ca3
                                                • Instruction Fuzzy Hash: 0A21AC72A0C6819BD730DB55E45422EBBA0F785755F200135E68D86BAEDF7EE9448F00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: CloseHandle$lstrcat$AllocFileLocalObjectSingleViewWaitlstrcpylstrlen$CurrentProcessTerminateThreadUnmap
                                                • String ID:
                                                • API String ID: 601521943-0
                                                • Opcode ID: 5f9a994b212d395036795721f0fd1fffab9ee51cda62d7eef8fa7396df992115
                                                • Instruction ID: bb9ec1b18eeb43e0edba60e6542f7f1bb0c5e97606fd7fea05037769744e50d3
                                                • Opcode Fuzzy Hash: 5f9a994b212d395036795721f0fd1fffab9ee51cda62d7eef8fa7396df992115
                                                • Instruction Fuzzy Hash: 21011236A6CAC191E7609B21F8547ABB761FBC5740F504031DA8E92B6DCF2DE4458B00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 43%
                                                			E00007FF67FF600A79730(void* __rcx, void* __rdx, void* __r8, void* __r9, intOrPtr _a8) {
                                                				long long _v16;
                                                				long long _v24;
                                                				void* _t26;
                                                				void* _t28;
                                                
                                                				E00007FF67FF600A76710(_t26, L"HandlePipedIpcMessage: Invoking client registered callback...\n", __rdx, __r8, __r9, __rcx);
                                                				_v16 =  *((intOrPtr*)(_a8 + 0x28));
                                                				_v24 =  *((intOrPtr*)(_a8 + 0x170));
                                                				r8d =  *((intOrPtr*)(_a8 + 0x158));
                                                				_t28 =  *((intOrPtr*)(_a8 + 0x20))();
                                                				if ( *((long long*)(_a8 + 0x170)) == 0) goto 0xa797e4;
                                                				E00007FF67FF600A76710(_t28, L"PipedIpcThread1: After callback issued, answer length is %d.  Setting Event2 and closing answer\n",  *((intOrPtr*)(_a8 + 0x170)), __r8,  *((intOrPtr*)(_a8 + 0x168)));
                                                				SetEvent(??);
                                                				E00007FF67FF600A78AC0(_a8 + 0x160);
                                                				return LocalFree(??);
                                                			}


                                                APIs
                                                Strings
                                                • PipedIpcThread1: After callback issued, answer length is %d. Setting Event2 and closing answer, xrefs: 00007FF600A797B3
                                                • HandlePipedIpcMessage: Invoking client registered callback..., xrefs: 00007FF600A79739
                                                Similarity
                                                • API ID: ErrorLast$Close$Handle$ChangeEventFileFindFreeLocalNotificationUnmapView
                                                • String ID: HandlePipedIpcMessage: Invoking client registered callback...$PipedIpcThread1: After callback issued, answer length is %d. Setting Event2 and closing answer
                                                • API String ID: 1820706598-1065349934
                                                • Opcode ID: f9d0acc39a970f1f7088d31d5208ee7115568e0799f83eb84142b7b8c35e79d7
                                                • Instruction ID: b1dd4ce2e692f8723bdbc08f75cc122054744b4638f40a822fc3bb2a58046d6a
                                                • Opcode Fuzzy Hash: f9d0acc39a970f1f7088d31d5208ee7115568e0799f83eb84142b7b8c35e79d7
                                                • Instruction Fuzzy Hash: D0119936618A85D2DA04DB16E8942AA7770F7C9B84F644132EF4E87769CF3AD805CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Similarity
                                                • API ID: ErrorLastLibraryLoad
                                                • String ID: api-ms-$ext-ms-
                                                • API String ID: 3568775529-537541572
                                                • Opcode ID: f90b8a2d6c829792753309d562dbf1ccd1dea0b419ba0ff61b4a77eb6980c2de
                                                • Instruction ID: 7311a832feb0053c9bddea6066d08ae55db0d890285cbd1cb153ff945a91415a
                                                • Opcode Fuzzy Hash: f90b8a2d6c829792753309d562dbf1ccd1dea0b419ba0ff61b4a77eb6980c2de
                                                • Instruction Fuzzy Hash: CDF0B455F6C643A1FB64976A9C802B81281DF4AB90F684430CE0DC579EFF6EF4868740
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 45%
                                                			E00007FF67FF600A9D6D0(long long __rax, long long __rcx, long long __rdx, void* __r9, long long _a8, long long _a16, intOrPtr _a24, signed char _a32) {
                                                				long long _v24;
                                                				char _v28;
                                                				char _v32;
                                                				char _v40;
                                                				long long _v48;
                                                				signed int _v56;
                                                				long long _v64;
                                                				long long _v72;
                                                				long long _v90;
                                                				long long _v98;
                                                				long long _v106;
                                                				long long _v114;
                                                				long long _v122;
                                                				long long _v130;
                                                				long long _v138;
                                                				long long _v146;
                                                				long long _v154;
                                                				long long _v162;
                                                				long long _v170;
                                                				long long _v178;
                                                				long long _v186;
                                                				long long _v194;
                                                				long long _v202;
                                                				long long _v210;
                                                				long long _v218;
                                                				void* _v760;
                                                				char _v1032;
                                                				long long _v1040;
                                                				long long _v1048;
                                                				long long _v1064;
                                                				long long _v1072;
                                                				long long _v1080;
                                                				char _t191;
                                                				void* _t233;
                                                				void* _t234;
                                                				void* _t235;
                                                				void* _t236;
                                                				void* _t237;
                                                				void* _t241;
                                                				long long _t251;
                                                				signed long long _t253;
                                                				intOrPtr* _t261;
                                                				void* _t262;
                                                				long long _t264;
                                                				long long _t265;
                                                				long long _t266;
                                                				long long _t267;
                                                				long long _t268;
                                                				signed long long _t269;
                                                				long long _t270;
                                                				long long _t271;
                                                				long long _t272;
                                                				long long _t273;
                                                				long long _t274;
                                                				long long _t275;
                                                				long long _t276;
                                                				long long _t277;
                                                				long long _t278;
                                                				long long _t279;
                                                				long long _t280;
                                                				long long _t281;
                                                				long long _t282;
                                                				long long _t283;
                                                				long long _t284;
                                                				long long _t285;
                                                				long long _t286;
                                                				long long _t287;
                                                				long long _t288;
                                                				long long _t289;
                                                				long long _t290;
                                                				long long _t291;
                                                				long long _t292;
                                                				long long _t293;
                                                				long long _t294;
                                                				long long _t295;
                                                				long long _t296;
                                                				long long _t297;
                                                				long long _t301;
                                                				intOrPtr _t354;
                                                				intOrPtr _t355;
                                                				intOrPtr _t356;
                                                				intOrPtr _t357;
                                                				intOrPtr _t358;
                                                				intOrPtr _t359;
                                                				intOrPtr _t360;
                                                				intOrPtr _t361;
                                                				intOrPtr _t362;
                                                				intOrPtr _t363;
                                                				intOrPtr _t364;
                                                				intOrPtr _t365;
                                                				intOrPtr _t366;
                                                				intOrPtr _t367;
                                                				void* _t374;
                                                				void* _t379;
                                                
                                                				_t379 = __r9;
                                                				_t251 = __rax;
                                                				_a32 = r9b;
                                                				_a24 = r8d;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				_v1040 = 0;
                                                				_t191 = E00007FF67FF600A9DEC0(_t236, _t237, __rax, _a16);
                                                				_v1048 = _t251;
                                                				if (_v1048 == 0) goto 0xa9deaf;
                                                				_v64 = 0;
                                                				_v1032 = _t191;
                                                				_t253 = _a32 & 0x000000ff;
                                                				if (_t253 != 0) goto 0xa9d7ae;
                                                				E00007FF67FF600ACF020(_t234, _t253, _a8, _t379);
                                                				_v56 = _t253 - 1;
                                                				goto 0xa9d767;
                                                				_v56 = _v56 - 1;
                                                				if (_v56 < 0) goto 0xa9d7ae;
                                                				_t241 = ( *(_a8 + _v56 * 2) & 0x0000ffff) - 0x5c;
                                                				if (_t241 != 0) goto 0xa9d7ac;
                                                				_t261 = _a8 + (_v56 + 1) * 2;
                                                				_a8 = _t261;
                                                				goto 0xa9d7ae;
                                                				goto 0xa9d756;
                                                				asm("pushad");
                                                				 *_t261 =  *_t261 + _t261;
                                                				if (_t241 < 0) goto 0xa9d7e7;
                                                				_t262 = _t261 +  *_t261;
                                                				E00007FF67FF600A75470(_t236, _t262, _a16);
                                                				if (_t262 != 0) goto 0xa9d9c4;
                                                				_v72 = 0x372;
                                                				if ((E00007FF67FF600A71BF0(_t236, _t262, _a16) & 0x000000ff) == 0) goto 0xa9d9bf;
                                                				_t264 =  &_v1032;
                                                				_v48 = _t264;
                                                				E00007FF67FF600A71530(_t235, _t264);
                                                				 *((long long*)(_v48 + 0x32e)) = _t264;
                                                				_t265 = _v48;
                                                				 *((long long*)(_t265 + 0x332)) = 0;
                                                				 *((long long*)(_t265 - 0x75)) =  *((long long*)(_t265 - 0x75)) - 1;
                                                				 *((intOrPtr*)(_t265 + _t374)) = fs;
                                                				 *0xFD3CF2E800033682 =  *((intOrPtr*)(0xfd3cf2e800033682)) + _t235;
                                                				 *0xFD3CF2E800000003 =  *((intOrPtr*)(0xfd3cf2e800000003)) + dil;
                                                				E00007FF67FF600A71530(_t235, _t265);
                                                				 *((long long*)(_v48 + 0x33a)) = _t265;
                                                				_t266 = _v48;
                                                				 *((long long*)(_t266 + 0x33e)) = 0;
                                                				 *((long long*)(_t266 - 0x75)) =  *((long long*)(_t266 - 0x75)) - 1;
                                                				 *((intOrPtr*)(_t266 + _t374)) = fs;
                                                				 *0xFD3CB0E800034284 =  *((intOrPtr*)(0xfd3cb0e800034284)) + _t235;
                                                				 *0xFD3CB0E800000007 =  *((intOrPtr*)(0xfd3cb0e800000007)) + dil;
                                                				E00007FF67FF600A71530(_t235, _t266);
                                                				 *((long long*)(_v48 + 0x346)) = _t266;
                                                				_t267 = _v48;
                                                				 *((long long*)(_t267 + 0x34a)) = 0;
                                                				 *((long long*)(_t267 - 0x75)) =  *((long long*)(_t267 - 0x75)) - 1;
                                                				 *((intOrPtr*)(_t267 + _t374)) = fs;
                                                				 *0xFD3C6EE800034E86 =  *((intOrPtr*)(0xfd3c6ee800034e86)) + _t235;
                                                				 *0xFD3C6EE80000000B =  *((intOrPtr*)(0xfd3c6ee80000000b)) + dil;
                                                				E00007FF67FF600A71530(_t235, _t267);
                                                				 *((long long*)(_v48 + 0x352)) = _t267;
                                                				 *((long long*)(_t267 - 0x75)) =  *((long long*)(_t267 - 0x75)) - 1;
                                                				 *((intOrPtr*)(_t267 + _t374)) = fs;
                                                				 *0xFD3C3EE800035688 =  *((intOrPtr*)(0xfd3c3ee800035688)) + _t235;
                                                				 *0xFD3C3EE80000000F =  *((intOrPtr*)(0xfd3c3ee80000000f)) + dil;
                                                				E00007FF67FF600A71530(_t235, _t267);
                                                				 *((long long*)(_v48 + 0x35a)) = _t267;
                                                				 *((long long*)(_t267 - 0x75)) =  *((long long*)(_t267 - 0x75)) - 1;
                                                				 *((intOrPtr*)(_t267 + _t374)) = fs;
                                                				 *0xFD3C0EE800035E8A =  *((intOrPtr*)(0xfd3c0ee800035e8a)) + _t235;
                                                				 *0xFD3C0EE800000013 =  *((intOrPtr*)(0xfd3c0ee800000013)) + dil;
                                                				E00007FF67FF600A71530(_t235, _t267);
                                                				 *((long long*)(_v48 + 0x362)) = _t267;
                                                				 *((long long*)(_t267 - 0x75)) =  *((long long*)(_t267 - 0x75)) - 1;
                                                				 *((intOrPtr*)(_t267 + _t374)) = fs;
                                                				 *0xFD3BDEE80003668C =  *((intOrPtr*)(0xfd3bdee80003668c)) + _t235;
                                                				 *0xFD3BDEE800000017 =  *((intOrPtr*)(0xfd3bdee800000017)) + dil;
                                                				E00007FF67FF600A71530(_t235, _t267);
                                                				 *((long long*)(_v48 + 0x36a)) = _t267;
                                                				 *((long long*)(_t267 - 0x75)) =  *((long long*)(_t267 - 0x75)) - 1;
                                                				 *((intOrPtr*)(_t267 + _t374)) = fs;
                                                				 *0xFD3BAEE800036E8E =  *((intOrPtr*)(0xfd3baee800036e8e)) + _t235;
                                                				 *0xFD3BAEE800000019 =  *((intOrPtr*)(0xfd3baee800000019)) + dil;
                                                				E00007FF67FF600A7A830();
                                                				_t268 = _t267 - 0x10000;
                                                				E00007FF67FF600A71000(_t235, _t268, _a16, _t268);
                                                				_v64 = _t268;
                                                				goto 0xa9ddbf;
                                                				_t269 = E00007FF67FF600A71F40(_t268, _a16, _t268) & 0x000000ff;
                                                				if (_t269 != 0) goto 0xa9dc94;
                                                				if ( *0xb34ed0 != 0) goto 0xa9db64;
                                                				_t354 =  *0xb34f18; // 0x0
                                                				E00007FF67FF600A72010(_t269, _a16, _t354);
                                                				 *0xb34ed0 = _t269;
                                                				_t355 =  *0xb34f28; // 0x0
                                                				E00007FF67FF600A72010(_t269, _a16, _t355);
                                                				 *0xb34e98 = _t269;
                                                				_t356 =  *0xb34f70; // 0x0
                                                				E00007FF67FF600A72010(_t269, _a16, _t356);
                                                				 *0xb34ea0 = _t269;
                                                				_t357 =  *0xb34f30; // 0x0
                                                				E00007FF67FF600A72010(_t269, _a16, _t357);
                                                				 *0xb34e88 = _t269;
                                                				_t358 =  *0xb34f48; // 0x0
                                                				E00007FF67FF600A72010(_t269, _a16, _t358);
                                                				 *0xb34f08 = _t269;
                                                				_t359 =  *0xb34f20; // 0x0
                                                				E00007FF67FF600A72010(_t269, _a16, _t359);
                                                				 *0xb34ef8 = _t269;
                                                				_t360 =  *0xb34f40; // 0x0
                                                				E00007FF67FF600A72010(_t269, _a16, _t360);
                                                				 *0xb34f50 = _t269;
                                                				_t361 =  *0xb34f38; // 0x0
                                                				E00007FF67FF600A72010(_t269, _a16, _t361);
                                                				 *0xb34f60 = _t269;
                                                				_t362 =  *0xb34f68; // 0x0
                                                				E00007FF67FF600A72010(_t269, _a16, _t362);
                                                				 *0xb34ee8 = _t269;
                                                				_t363 =  *0xb34ea8; // 0x0
                                                				E00007FF67FF600A72010(_t269, _a16, _t363);
                                                				 *0xb34eb0 = _t269;
                                                				_t364 =  *0xb34f10; // 0x0
                                                				E00007FF67FF600A72010(_t269, _a16, _t364);
                                                				 *0xb34f78 = _t269;
                                                				_t365 =  *0xb34f00; // 0x0
                                                				E00007FF67FF600A72010(_t269, _a16, _t365);
                                                				 *0xb34e90 = _t269;
                                                				_t366 =  *0xb34ee0; // 0x0
                                                				E00007FF67FF600A72010(_t269, _a16, _t366);
                                                				 *0xb34ec0 = _t269;
                                                				_t367 =  *0xb34ed8; // 0x0
                                                				E00007FF67FF600A72010(_t269, _a16, _t367);
                                                				 *0xb34ef0 = _t269;
                                                				_v72 = 0x3b6;
                                                				_t270 =  *0xb34ed0; // 0x0
                                                				_v218 = _t270;
                                                				_v210 = 0;
                                                				_t271 =  *0xb34e88; // 0x0
                                                				_v202 = _t271;
                                                				_t272 =  *0xb34f08; // 0x0
                                                				_v194 = _t272;
                                                				_v186 = 0;
                                                				_t273 =  *0xb34ef8; // 0x0
                                                				_v178 = _t273;
                                                				_t274 =  *0xb34e98; // 0x0
                                                				_v170 = _t274;
                                                				_v162 = 0;
                                                				_t275 =  *0xb34f50; // 0x0
                                                				_v154 = _t275;
                                                				_t276 =  *0xb34ea0; // 0x0
                                                				_v146 = _t276;
                                                				_t277 =  *0xb34f60; // 0x0
                                                				_v138 = _t277;
                                                				_t278 =  *0xb34ee8; // 0x0
                                                				_v130 = _t278;
                                                				_t279 =  *0xb34eb0; // 0x0
                                                				_v122 = _t279;
                                                				_t280 =  *0xb34f78; // 0x0
                                                				_v114 = _t280;
                                                				_t281 =  *0xb34e90; // 0x0
                                                				_v106 = _t281;
                                                				_t282 =  *0xb34ec0; // 0x0
                                                				_v98 = _t282;
                                                				_t283 =  *0xb34ef0; // 0x0
                                                				_v90 = _t283;
                                                				if (_v202 == 0) goto 0xa9dc8f;
                                                				r8d = 0;
                                                				E00007FF67FF600A71000(_t235, _t283, _a16, _t268);
                                                				_v64 = _t283;
                                                				goto 0xa9ddbf;
                                                				_v72 = 0x3b6;
                                                				_t284 =  *0xb34f18; // 0x0
                                                				_v218 = _t284;
                                                				_v210 = 0;
                                                				_t285 =  *0xb34f30; // 0x0
                                                				_v202 = _t285;
                                                				_t286 =  *0xb34f48; // 0x0
                                                				_v194 = _t286;
                                                				_v186 = 0;
                                                				_t287 =  *0xb34f20; // 0x0
                                                				_v178 = _t287;
                                                				_t288 =  *0xb34f28; // 0x0
                                                				_v170 = _t288;
                                                				_v162 = 0;
                                                				_t289 =  *0xb34f40; // 0x0
                                                				_v154 = _t289;
                                                				_t290 =  *0xb34f70; // 0x0
                                                				_v146 = _t290;
                                                				_t291 =  *0xb34f38; // 0x0
                                                				_v138 = _t291;
                                                				_t292 =  *0xb34f68; // 0x0
                                                				_v130 = _t292;
                                                				_t293 =  *0xb34ea8; // 0x0
                                                				_v122 = _t293;
                                                				_t294 =  *0xb34f10; // 0x0
                                                				_v114 = _t294;
                                                				_t295 =  *0xb34f00; // 0x0
                                                				_v106 = _t295;
                                                				_t296 =  *0xb34ee0; // 0x0
                                                				_v98 = _t296;
                                                				_t297 =  *0xb34ed8; // 0x0
                                                				_v90 = _t297;
                                                				if (_v202 == 0) goto 0xa9ddbf;
                                                				r8d = 0;
                                                				E00007FF67FF600A71000(_t235, _t297, _a16, _t268);
                                                				_v64 = _t297;
                                                				if (_v64 == 0) goto 0xa9deaf;
                                                				_v1080 =  &_v32;
                                                				r9d = 4;
                                                				VirtualProtectEx(??, ??, ??, ??, ??);
                                                				_v1080 =  &_v40;
                                                				WriteProcessMemory(??, ??, ??, ??, ??);
                                                				if (_v72 == 0) goto 0xa9de78;
                                                				_v1064 =  &_v28;
                                                				_v1072 = 0;
                                                				_t301 = _v64;
                                                				_v1080 = _t301;
                                                				r8d = 0x100000;
                                                				E00007FF67FF600A749C0(_a16, 0, _v1048);
                                                				_v1040 = _t301;
                                                				if (_v1040 != 0) goto 0xa9deaf;
                                                				GetLastError();
                                                				_v24 = _t301;
                                                				_t233 = E00007FF67FF600A71330(_t301, _v64, _a16);
                                                				SetLastError(??);
                                                				return _t233;
                                                			}

































































































                                                0x7ff600a9da80
                                                0x7ff600a9da85
                                                0x7ff600a9da8c
                                                0x7ff600a9da9b
                                                0x7ff600a9daa0
                                                0x7ff600a9daa7
                                                0x7ff600a9dab6
                                                0x7ff600a9dabb
                                                0x7ff600a9dac2
                                                0x7ff600a9dad1
                                                0x7ff600a9dad6
                                                0x7ff600a9dadd
                                                0x7ff600a9daec
                                                0x7ff600a9daf1
                                                0x7ff600a9daf8
                                                0x7ff600a9db07
                                                0x7ff600a9db0c
                                                0x7ff600a9db13
                                                0x7ff600a9db22
                                                0x7ff600a9db27
                                                0x7ff600a9db2e
                                                0x7ff600a9db3d
                                                0x7ff600a9db42
                                                0x7ff600a9db49
                                                0x7ff600a9db58
                                                0x7ff600a9db5d
                                                0x7ff600a9db64
                                                0x7ff600a9db6f
                                                0x7ff600a9db76
                                                0x7ff600a9db7e
                                                0x7ff600a9db8a
                                                0x7ff600a9db91
                                                0x7ff600a9db99
                                                0x7ff600a9dba0
                                                0x7ff600a9dba8
                                                0x7ff600a9dbb4
                                                0x7ff600a9dbbb
                                                0x7ff600a9dbc3
                                                0x7ff600a9dbca
                                                0x7ff600a9dbd2
                                                0x7ff600a9dbde
                                                0x7ff600a9dbe5
                                                0x7ff600a9dbed
                                                0x7ff600a9dbf4
                                                0x7ff600a9dbfc
                                                0x7ff600a9dc03
                                                0x7ff600a9dc0b
                                                0x7ff600a9dc12
                                                0x7ff600a9dc1a
                                                0x7ff600a9dc21
                                                0x7ff600a9dc29
                                                0x7ff600a9dc30
                                                0x7ff600a9dc38
                                                0x7ff600a9dc3f
                                                0x7ff600a9dc47
                                                0x7ff600a9dc4e
                                                0x7ff600a9dc56
                                                0x7ff600a9dc5d
                                                0x7ff600a9dc6e
                                                0x7ff600a9dc70
                                                0x7ff600a9dc82
                                                0x7ff600a9dc87
                                                0x7ff600a9dc8f
                                                0x7ff600a9dc94
                                                0x7ff600a9dc9f
                                                0x7ff600a9dca6
                                                0x7ff600a9dcae
                                                0x7ff600a9dcba
                                                0x7ff600a9dcc1
                                                0x7ff600a9dcc9
                                                0x7ff600a9dcd0
                                                0x7ff600a9dcd8
                                                0x7ff600a9dce4
                                                0x7ff600a9dceb
                                                0x7ff600a9dcf3
                                                0x7ff600a9dcfa
                                                0x7ff600a9dd02
                                                0x7ff600a9dd0e
                                                0x7ff600a9dd15
                                                0x7ff600a9dd1d
                                                0x7ff600a9dd24
                                                0x7ff600a9dd2c
                                                0x7ff600a9dd33
                                                0x7ff600a9dd3b
                                                0x7ff600a9dd42
                                                0x7ff600a9dd4a
                                                0x7ff600a9dd51
                                                0x7ff600a9dd59
                                                0x7ff600a9dd60
                                                0x7ff600a9dd68
                                                0x7ff600a9dd6f
                                                0x7ff600a9dd77
                                                0x7ff600a9dd7e
                                                0x7ff600a9dd86
                                                0x7ff600a9dd8d
                                                0x7ff600a9dd9e
                                                0x7ff600a9dda0
                                                0x7ff600a9ddb2
                                                0x7ff600a9ddb7
                                                0x7ff600a9ddc8
                                                0x7ff600a9dddd
                                                0x7ff600a9dde2
                                                0x7ff600a9ddfb
                                                0x7ff600a9de10
                                                0x7ff600a9de2d
                                                0x7ff600a9de35
                                                0x7ff600a9de3f
                                                0x7ff600a9de44
                                                0x7ff600a9de4c
                                                0x7ff600a9de54
                                                0x7ff600a9de5e
                                                0x7ff600a9de6e
                                                0x7ff600a9de73
                                                0x7ff600a9de7e
                                                0x7ff600a9de80
                                                0x7ff600a9de86
                                                0x7ff600a9de9d
                                                0x7ff600a9dea9
                                                0x7ff600a9debb

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Virtual$AllocErrorLastProcess$MemoryProtectQueryWrite$CurrentFileView
                                                • String ID:
                                                • API String ID: 386621533-0
                                                • Opcode ID: a7f0a7437e7c6be0e244ac8b01445422252ce37ac11748545564f57bc4eb4ac4
                                                • Instruction ID: 87b096c2b1e7ce602b8eaa459fa7eeb8be41885764e91730beb2d8e1663b8288
                                                • Opcode Fuzzy Hash: a7f0a7437e7c6be0e244ac8b01445422252ce37ac11748545564f57bc4eb4ac4
                                                • Instruction Fuzzy Hash: AF12077660DB8196E760DB15F8503AA73A4FB89784F204039DA8D8776EDF3EE181CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 49%
                                                			E00007FF67FF600A95560(void* __ecx, void* __edx, long long __rcx, long long __rdx, void* __r9, long long _a8, void* _a16, long long _a24) {
                                                				signed long long _v24;
                                                				long long _v32;
                                                				signed long long _v40;
                                                				signed long long _v48;
                                                				signed int _v56;
                                                				signed int _v60;
                                                				signed int _v64;
                                                				long long _v72;
                                                				signed int _v76;
                                                				void* _v80;
                                                				long long _v88;
                                                				char _v360;
                                                				char _v376;
                                                				void* _t121;
                                                				long long _t151;
                                                				intOrPtr _t152;
                                                				intOrPtr* _t154;
                                                				long long _t161;
                                                				long long _t164;
                                                
                                                				_t121 = __edx;
                                                				_a24 = r8d;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				r9d = 0x104;
                                                				_t151 = _a8;
                                                				E00007FF67FF600A7BBC0(_t151,  *((intOrPtr*)(_t151 + 0xd8)),  &_v376,  &_v360);
                                                				if (_t151 == 0) goto 0xa95a6a;
                                                				E00007FF67FF600A7BE00(_t151, _v376);
                                                				_v88 = _t151;
                                                				if (_v88 == 0) goto 0xa95a6a;
                                                				_t152 = _v376;
                                                				if (_a16 - _t152 < 0) goto 0xa95a6a;
                                                				E00007FF67FF600A7A9D0(_v88);
                                                				if (_a16 - _v376 + _t152 - 0x64 > 0) goto 0xa95a6a;
                                                				if (_a24 == 0) goto 0xa95654;
                                                				_t154 = _a16;
                                                				if ( *_t154 - _v376 <= 0) goto 0xa95654;
                                                				E00007FF67FF600A7A9D0(_v88);
                                                				if ( *_a16 - _v376 + _t154 - 0x64 > 0) goto 0xa95654;
                                                				_a16 =  *_a16;
                                                				goto 0xa956b9;
                                                				if (_a24 == 0) goto 0xa956b9;
                                                				if ( *_a16 - _v376 <= 0) goto 0xa956b9;
                                                				_t161 =  *_a16;
                                                				_v32 = _t161;
                                                				E00007FF67FF600A7A9D0(_v88);
                                                				if (_v32 - _v376 + _t161 - 0x64 > 0) goto 0xa956b9;
                                                				_t164 =  *_a16;
                                                				_a16 = _t164;
                                                				E00007FF67FF600A95190(__ecx, _t121, _t164, _a8, _a16, __r9);
                                                				if (_t164 != 0) goto 0xa95a6a;
                                                				_v72 = _a16;
                                                				_v80 = 0;
                                                				_v56 = 0;
                                                				_v64 = 0;
                                                				_v60 = 0;
                                                				_v76 = 0;
                                                				_v80 = 1;
                                                				_v80 = _v80 + 1;
                                                				if (_v80 - 0x64 > 0) goto 0xa958c8;
                                                				if ( *_v72 == 0) goto 0xa95778;
                                                				if ( *_v72 == 0xa) goto 0xa95778;
                                                				if ( *_v72 != 0xc) goto 0xa9577d;
                                                				goto 0xa958c8;
                                                				if ( *_v72 - 0x41 < 0) goto 0xa9579d;
                                                				if ( *_v72 - 0x5a <= 0) goto 0xa957ed;
                                                				if ( *_v72 - 0x61 < 0) goto 0xa957bd;
                                                				if ( *_v72 - 0x7a <= 0) goto 0xa957ed;
                                                				if ( *_v72 - 0x30 < 0) goto 0xa957dd;
                                                				if ( *_v72 - 0x39 <= 0) goto 0xa957ed;
                                                				if ( *_v72 != 0x20) goto 0xa95803;
                                                				_v56 = _v56 + 1;
                                                				goto 0xa958af;
                                                				if ( *_v72 == 0x3a) goto 0xa95843;
                                                				if ( *_v72 == 0x5c) goto 0xa95843;
                                                				if ( *_v72 == 0x2e) goto 0xa95843;
                                                				if ( *_v72 != 0x2c) goto 0xa95856;
                                                				_v64 = _v64 + 1;
                                                				goto 0xa958af;
                                                				if ( *_v72 - 0x21 < 0) goto 0xa95889;
                                                				if ( *_v72 - 0x5d > 0) goto 0xa95889;
                                                				_v60 = _v60 + 1;
                                                				goto 0xa958af;
                                                				if ( *_v72 - 0x20 >= 0) goto 0xa9589e;
                                                				goto 0xa95a6a;
                                                				_v76 = _v76 + 1;
                                                				_v72 = _v72 + 1;
                                                				goto L1;
                                                				if (_v80 - 4 <= 0) goto 0xa95a6a;
                                                				_v56 = _v56 << 1;
                                                				_v64 = _v64 * 5;
                                                				if (_v56 << 1 - _v64 * 5 <= 0) goto 0xa95a6a;
                                                				__rax = _v64;
                                                				asm("cdq");
                                                				_v64 - __rdx = _v64 - __rdx >> 1;
                                                				_v56 = _v56 + (_v64 - __rdx >> 1);
                                                				__rax = _v56 + (_v64 - __rdx >> 1);
                                                				_v60 = _v60 << 3;
                                                				if (_v56 + (_v64 - __rdx >> 1) - _v60 << 3 <= 0) goto 0xa95a6a;
                                                				__rax = _v64;
                                                				asm("cdq");
                                                				_v64 - __rdx = _v64 - __rdx >> 1;
                                                				_v56 = _v56 + (_v64 - __rdx >> 1);
                                                				__rax = _v56 + (_v64 - __rdx >> 1);
                                                				_v24 = _v56 + (_v64 - __rdx >> 1);
                                                				__rax = _v60;
                                                				asm("cdq");
                                                				__rdx = __rdx & 0x00000003;
                                                				_v60 + __rdx = _v60 + __rdx >> 2;
                                                				_v24 = _v24 + (_v60 + __rdx >> 2);
                                                				__rax = _v24 + (_v60 + __rdx >> 2);
                                                				_v76 = _v76 * 0xa;
                                                				if (_v24 + (_v60 + __rdx >> 2) - _v76 * 0xa <= 0) goto 0xa95a6a;
                                                				__rax = _v80;
                                                				__rdx = __rax;
                                                				__rcx = 0x40;
                                                				asm("pop es");
                                                				 *((intOrPtr*)(__rax - 0x77)) =  *((intOrPtr*)(__rax - 0x77)) + __cl;
                                                				 *__rax =  *__rax + __rax;
                                                				 *((intOrPtr*)(__rbx + 0x1482484)) =  *((intOrPtr*)(__rbx + 0x1482484)) + __cl;
                                                				 *__rax =  *__rax + __al;
                                                				__rax = __rax - 1;
                                                				__r8 = __rax;
                                                				__rdx = _a16;
                                                				__rcx = _v48;
                                                				E00007FF67FF600AA7840();
                                                				_a8 = _a8 + 0x90;
                                                				__rcx = _a8 + 0x90;
                                                				E00007FF67FF600A7F2D0(_a8 + 0x90);
                                                				_v40 = __rax;
                                                				goto 0xa959d7;
                                                				_v40 = _v40 + 1;
                                                				_v40 = _v40 + 1;
                                                				__rax = _v40;
                                                				if (_v40 - 0x30 >= 0) goto 0xa95a04;
                                                				_a8 = _a8 + 0x90;
                                                				__rdx = " ";
                                                				__rcx = _a8 + 0x90;
                                                				E00007FF67FF600A7EE20(__edx, _a8 + 0x90, " ", __r8);
                                                				goto 0xa959c6;
                                                				_a8 = _a8 + 0x90;
                                                				__rdx = L"  ; \"";
                                                				__rcx = _a8 + 0x90;
                                                				E00007FF67FF600A7EE20(__edx, _a8 + 0x90, L"  ; \"", __r8);
                                                				_a8 = _a8 + 0x90;
                                                				__rdx = _v48;
                                                				__rcx = _a8 + 0x90;
                                                				E00007FF67FF600A7F130(__ecx, __edx, _a8 + 0x90, _v48, __r8);
                                                				_a8 = _a8 + 0x90;
                                                				__rdx = "\"";
                                                				__rcx = _a8 + 0x90;
                                                				E00007FF67FF600A7EE20(__edx, _a8 + 0x90, "\"", __r8);
                                                				__rcx = _v48;
                                                				return LocalFree(??);
                                                			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: AllocFileLocalModuleNameQueryVirtual
                                                • String ID: ; "$d
                                                • API String ID: 1643479250-2738885396
                                                • Opcode ID: 9b3a81e9ff0606abf55bdbea0d82d4976b9a7e44d5ef37f228e1c8c30abc879f
                                                • Instruction ID: 970b6fad892b76176d37ca296bc88394a53cfad51c1b32e8398581a092b5b576
                                                • Opcode Fuzzy Hash: 9b3a81e9ff0606abf55bdbea0d82d4976b9a7e44d5ef37f228e1c8c30abc879f
                                                • Instruction Fuzzy Hash: 67D11933B0DAC1D9EA728B29E4953EE77A0EBC9741F544435CA8DCBB5ACE2DD5418B00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 40%
                                                			E00007FF67FF600AFDE24(signed long long __ecx, void* __edi, long long* __rax, long long __rbx, signed short* __rdx, void* __r9, void* __r11, long long _a32) {
                                                				char _v72;
                                                				void* _v84;
                                                				unsigned int _v88;
                                                				long long _v96;
                                                				long long _v100;
                                                				long long _v104;
                                                				signed int _v120;
                                                				void* __rsi;
                                                				void* __rbp;
                                                				void* _t81;
                                                				void* _t87;
                                                				long _t88;
                                                				void* _t99;
                                                				void* _t100;
                                                				void* _t103;
                                                				void* _t108;
                                                				void* _t128;
                                                				signed long long _t142;
                                                				intOrPtr _t144;
                                                				long long* _t152;
                                                				signed long long* _t154;
                                                				signed short* _t185;
                                                				void* _t186;
                                                				long long _t188;
                                                				long long _t189;
                                                				void* _t191;
                                                				signed long long _t201;
                                                				void* _t202;
                                                				signed long long _t204;
                                                				void* _t205;
                                                				signed short* _t206;
                                                				signed long long _t208;
                                                
                                                				_t108 = __edi;
                                                				_a32 = __rbx;
                                                				r14d = r8d;
                                                				_t201 = __ecx;
                                                				_t185 = __rdx;
                                                				if (r8d == 0) goto 0xafe0ed;
                                                				if (__rdx != 0) goto 0xafde73;
                                                				E00007FF67FF600AE8CE4(__rax);
                                                				 *__rax = 0;
                                                				E00007FF67FF600AE8D04(__rax);
                                                				 *__rax = 0x16;
                                                				_t81 = E00007FF67FF600ACE12C();
                                                				goto 0xafe0ef;
                                                				_t204 = _t201 >> 6;
                                                				_t208 = (_t201 & 0x0000003f) + (_t201 & 0x0000003f) * 8;
                                                				if (_t81 - 1 > 0) goto 0xafdea5;
                                                				_t142 =  !(_t186 - 1);
                                                				if ((r14d & 0x00000001) == 0) goto 0xafde54;
                                                				if (( *( *((intOrPtr*)(0xb36360 + _t204 * 8)) + 0x38 + _t208 * 8) & 0x00000020) == 0) goto 0xafdebb;
                                                				r8d = 2;
                                                				0xb02044();
                                                				_t103 = r12d;
                                                				_v88 = 0;
                                                				E00007FF67FF600AFCD74(_t103, _t142);
                                                				if (_t142 == 0) goto 0xafdfda;
                                                				_t144 =  *((intOrPtr*)(0xb36360 + _t204 * 8));
                                                				if ( *(0xb36360 + 0x38 + _t208 * 8) - _t100 >= 0) goto 0xafdfda;
                                                				E00007FF67FF600AEA310(_t144, 0,  *((intOrPtr*)(0xb36360 + _t204 * 8)), 0, _t186, __r9);
                                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t144 + 0x90)) + 0x138)) != 0) goto 0xafdf10;
                                                				if ( *((intOrPtr*)( *((intOrPtr*)(0xb36360 + _t204 * 8)) + 0x39 + _t208 * 8)) == _t100) goto 0xafdfda;
                                                				GetConsoleMode(??, ??);
                                                				if (0xb36360 == 0) goto 0xafdfda;
                                                				if (sil == 0) goto 0xafdfbc;
                                                				sil = sil - 1;
                                                				if (sil - 1 > 0) goto 0xafe076;
                                                				_t202 = _t185 + _t205;
                                                				_v104 = 0;
                                                				_t206 = _t185;
                                                				if (_t185 - _t202 >= 0) goto 0xafe06c;
                                                				_v72 =  *_t206 & 0x0000ffff;
                                                				_t87 = E00007FF67FF600B0260C(_t103);
                                                				if (_t87 != _t103) goto 0xafdfae;
                                                				_t188 = _v100 + 2;
                                                				_v100 = _t188;
                                                				if (_t103 != 0xa) goto 0xafdf9f;
                                                				 *0x467EE80000001A =  *((intOrPtr*)(0x467ee80000001a)) + dil;
                                                				if (_t87 != _t103) goto 0xafdfae;
                                                				_t189 = _t188 + 1;
                                                				_v100 = _t189;
                                                				if ( &(_t206[1]) - _t202 >= 0) goto 0xafe06c;
                                                				goto 0xafdf5f;
                                                				_t88 = GetLastError();
                                                				_v104 = 0xb36360;
                                                				goto 0xafe06c;
                                                				r9d = r14d;
                                                				E00007FF67FF600AFD384(_t88, r12d, _t108,  &(_t206[1]) - _t202, 1,  &_v104,  &_v72, _t185, __r11);
                                                				asm("movsd xmm0, [eax]");
                                                				goto 0xafe071;
                                                				if ( *( *((intOrPtr*)(0xb36360 + _t204 * 8)) + 0x38 + _t208 * 8) - _t100 >= 0) goto 0xafe039;
                                                				_t128 = sil;
                                                				if (_t128 == 0) goto 0xafe025;
                                                				if (_t128 == 0) goto 0xafe011;
                                                				if (_t189 - 1 != 1) goto 0xafe076;
                                                				r9d = r14d;
                                                				E00007FF67FF600AFDA9C(_t100, r12d, 0xb36360,  *0x7FF600B36368,  &_v104, _t191, _t185);
                                                				goto 0xafdfce;
                                                				r9d = r14d;
                                                				E00007FF67FF600AFDBB8(r12d, _t108, 0xb36360,  *0x7FF600B36368,  &_v104, _t191, _t185);
                                                				goto 0xafdfce;
                                                				r9d = r14d;
                                                				E00007FF67FF600AFD998(_t100, r12d, 0xb36360,  *0x7FF600B36368,  &_v104, _t191, _t185);
                                                				goto 0xafdfce;
                                                				r8d = r14d;
                                                				_v120 = _v120 & 0;
                                                				_v104 = 0;
                                                				_v96 = 0;
                                                				WriteFile(??, ??, ??, ??, ??);
                                                				if (0 != 0) goto 0xafe069;
                                                				GetLastError();
                                                				_v104 = 0;
                                                				asm("movsd xmm0, [ebp-0x30]");
                                                				asm("movsd [ebp-0x20], xmm0");
                                                				if (_v88 >> 0x20 != 0) goto 0xafe0e6;
                                                				_t152 = _v88;
                                                				if (_t152 == 0) goto 0xafe0b6;
                                                				if (_t152 != 5) goto 0xafe0a9;
                                                				E00007FF67FF600AE8D04(_t152);
                                                				 *_t152 = 9;
                                                				E00007FF67FF600AE8CE4(_t152);
                                                				 *_t152 = 5;
                                                				goto 0xafde6b;
                                                				E00007FF67FF600AE8C94(_t103, _t152, _v96);
                                                				goto 0xafde6b;
                                                				_t154 =  *((intOrPtr*)(0xb36360 + _t204 * 8));
                                                				if (( *(0xb36360 + 0x38 + _t208 * 8) & 0x00000040) == 0) goto 0xafe0ce;
                                                				if ( *_t185 == 0x1a) goto 0xafe0ed;
                                                				E00007FF67FF600AE8D04(_t154);
                                                				 *0xb36360 = 0x1c;
                                                				_t99 = E00007FF67FF600AE8CE4(_t154);
                                                				 *_t154 =  *_t154 & 0x00000000;
                                                				goto 0xafde6b;
                                                				goto 0xafe0ef;
                                                				return _t99;
                                                			}

                                                APIs
                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,00000000,?,00000000,?,?,?,00007FF600AFDDE3,?,00000000,?,00007FF600AFCB5E), ref: 00007FF600AFDF24
                                                • GetLastError.KERNEL32(?,?,?,?,?,00000000,?,00000000,?,?,?,00007FF600AFDDE3,?,00000000,?,00007FF600AFCB5E), ref: 00007FF600AFDFAE
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ConsoleErrorLastMode
                                                • String ID:
                                                • API String ID: 953036326-0
                                                • Opcode ID: 704d9060f6f33352076092306b4f3383a3dd4cd4c7171d7834b501e6016695a8
                                                • Instruction ID: 82a11eaeecfd22d138fd142bbf347219a168e5707434ecb2f77342c62e0872f6
                                                • Opcode Fuzzy Hash: 704d9060f6f33352076092306b4f3383a3dd4cd4c7171d7834b501e6016695a8
                                                • Instruction Fuzzy Hash: 9481F123E58602A9FB11DBA0D9806BC676ABB55B84F604131EE0FD77ABDF3DA441C310
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 29%
                                                			E00007FF67FF600A71BF0(void* __edx, void* __rax, long long __rcx, long long _a8) {
                                                				long long _v16;
                                                				long long _v20;
                                                				signed int _v24;
                                                				intOrPtr _v32;
                                                				intOrPtr _v40;
                                                				intOrPtr _v48;
                                                				intOrPtr _v56;
                                                				intOrPtr _v64;
                                                				intOrPtr _v72;
                                                				intOrPtr _v80;
                                                				intOrPtr _v88;
                                                				intOrPtr _v96;
                                                				intOrPtr _v104;
                                                				intOrPtr _v112;
                                                				char _v120;
                                                				char _v648;
                                                				signed long long _v664;
                                                				long long _v680;
                                                				void* _t71;
                                                				signed char _t72;
                                                				signed long long _t84;
                                                				signed int _t86;
                                                				void* _t135;
                                                
                                                				_t73 = __edx;
                                                				_a8 = __rcx;
                                                				_t84 =  *0xb34b68 & 0x000000ff;
                                                				if (_t84 != 0) goto 0xa71f2d;
                                                				E00007FF67FF600A717A0(__edx, _t84, _a8, L"kernel32.dll",  &_v648);
                                                				_v664 = _t84;
                                                				if (_v664 == 0) goto 0xa71ef3;
                                                				_v24 = 0;
                                                				goto 0xa71c53;
                                                				_t86 = _v24 + 1;
                                                				_v24 = _t86;
                                                				if (_v24 - 0xc >= 0) goto 0xa71c7f;
                                                				dil = dil + dil;
                                                				asm("adc eax, 0x955cb");
                                                				 *(_t135 + 0x250 + _v24 * 8) = _t86;
                                                				goto 0xa71c42;
                                                				r8d = 0x19;
                                                				E00007FF67FF600A7C440(0xb08138, _v120);
                                                				r8d = 0x19;
                                                				E00007FF67FF600A7C440(0xb08098, _v112);
                                                				r8d = 0x19;
                                                				E00007FF67FF600A7C440(0xb08128, _v104);
                                                				r8d = 0x19;
                                                				E00007FF67FF600A7C440(0xb080e0, _v96);
                                                				r8d = 0x19;
                                                				E00007FF67FF600A7C440(0xb08088, _v88);
                                                				r8d = 0x19;
                                                				E00007FF67FF600A7C440(0xb080f0, _v80);
                                                				r8d = 0x19;
                                                				E00007FF67FF600A7C440(0xb08170, _v72);
                                                				r8d = 0x19;
                                                				E00007FF67FF600A7C440(0xb080a8, _v64);
                                                				r8d = 0x19;
                                                				E00007FF67FF600A7C440(0xb080c0, _v56);
                                                				r8d = 0x19;
                                                				E00007FF67FF600A7C440(0xb080d0, _v48);
                                                				r8d = 0x19;
                                                				E00007FF67FF600A7C440(0xb08148, _v40);
                                                				r8d = 0x19;
                                                				E00007FF67FF600A7C440(0xb08078, _v32);
                                                				_v680 = 0xc;
                                                				E00007FF67FF600A7B030(_t86,  &_v648, _v664,  &_v120, 0xb34af0);
                                                				if (_t86 == 0) goto 0xa71ea8;
                                                				E00007FF67FF600A717A0(_t73, _t86, _a8, L"ntdll.dll",  &_v648);
                                                				_v664 = _t86;
                                                				if (_v664 == 0) goto 0xa71e9b;
                                                				r8d = 0x19;
                                                				E00007FF67FF600A7C440(0xb08030, _v120);
                                                				r8d = 0x19;
                                                				E00007FF67FF600A7C440(0xb08048, _v112);
                                                				r8d = 0x19;
                                                				E00007FF67FF600A7C440(0xb08018, _v104);
                                                				_v680 = 3;
                                                				E00007FF67FF600A7B030(0x7ff600b34b50,  &_v648, _v664,  &_v120, 0xb34af0);
                                                				if (0x7ff600b34b50 != 0) goto 0xa71e99;
                                                				 *0xb34af0 = 0;
                                                				goto 0xa71ea6;
                                                				 *0xb34af0 = 0;
                                                				goto 0xa71eb3;
                                                				 *0xb34af0 = 0;
                                                				_v20 = 0;
                                                				goto 0xa71ed1;
                                                				_v20 = _v20 + 1;
                                                				if (_v20 - 0xc >= 0) goto 0xa71ef3;
                                                				_t71 = LocalFree(??);
                                                				goto 0xa71ec0;
                                                				if ( *0xb34af0 == 0) goto 0xa71f14;
                                                				if ( *0xb34b50 == 0) goto 0xa71f14;
                                                				_v16 = 1;
                                                				goto 0xa71f1f;
                                                				_v16 = 0;
                                                				 *0xb34b68 = _t71;
                                                				_t72 =  *0xb34b68; // 0x0
                                                				return _t72;
                                                			}



























                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: MemoryProcessRead$Local$AllocFree
                                                • String ID: kernel32.dll$ntdll.dll
                                                • API String ID: 717885523-3159745453
                                                • Opcode ID: 17a953240a344545ca86c35fef7106a47b7c2365944ca2ae56c00e27b7b2a645
                                                • Instruction ID: 95c5a5d0dc8161f2b067201fbe8cefa58323a2236d6b3e68d56dd5a9c4eff63c
                                                • Opcode Fuzzy Hash: 17a953240a344545ca86c35fef7106a47b7c2365944ca2ae56c00e27b7b2a645
                                                • Instruction Fuzzy Hash: 47813272A1C987A1E7209B15E8987FA7360FB81748F204036D58E877AEDF3DE255DB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 26%
                                                			E00007FF67FF600A83820(void* __edx, void* __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a8, long long _a16, long long _a24, long long _a32, long long _a40, long long _a48) {
                                                				long long _v0;
                                                				long long _v24;
                                                				long long _v32;
                                                				void* _v40;
                                                				char _v312;
                                                				signed int* _v324;
                                                				void* _v328;
                                                				long long _v336;
                                                				long long _v344;
                                                				long long _v352;
                                                				long long _v360;
                                                				long long _v368;
                                                				signed int* _v376;
                                                				long long _t66;
                                                				signed char _t75;
                                                				long long _t81;
                                                				long long _t86;
                                                				long long _t87;
                                                				long long _t88;
                                                				long long _t89;
                                                				signed int* _t95;
                                                				void* _t97;
                                                
                                                				_t76 = __edx;
                                                				_a32 = __r9;
                                                				_a24 = __r8;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				_v328 = 0;
                                                				if (_a16 - 0x10000 >= 0) goto 0xa83868;
                                                				_t86 = _a16;
                                                				_v328 = _t86;
                                                				_a16 = 0;
                                                				_v324 = 0;
                                                				if (_a8 == 0) goto 0xa83a4a;
                                                				if (_v328 != 0) goto 0xa83895;
                                                				if (_a16 == 0) goto 0xa83a4a;
                                                				_v40 = 0;
                                                				GetModuleHandleA(??);
                                                				_v24 = _t86;
                                                				_t81 = _v24;
                                                				if (_t81 == 0) goto 0xa839c2;
                                                				 *((long long*)(_t86 - 0x7b)) =  *((long long*)(_t86 - 0x7b)) - 1;
                                                				asm("ror byte [edi], 0x84");
                                                				_t66 = _t86;
                                                				 *_t86 =  *_t86 + _t66;
                                                				 *((intOrPtr*)(_t97 + 0x50247c)) =  *((intOrPtr*)(_t97 + 0x50247c)) + _t66;
                                                				if (_t81 != 0) goto 0xa83956;
                                                				r8d = 1;
                                                				E00007FF67FF600A7AB10(__edx, _t86, _v24, _a16);
                                                				_v40 = _t86;
                                                				if (_v40 == 0) goto 0xa83954;
                                                				E00007FF67FF600A88F70(_v40);
                                                				_v40 = _t86;
                                                				r9d = 0x104;
                                                				E00007FF67FF600A7B680(_t86, _v24, _v40,  &_v312);
                                                				if (_t86 == 0) goto 0xa83954;
                                                				_t87 =  &_v312;
                                                				_a16 = _t87;
                                                				goto 0xa8396f;
                                                				E00007FF67FF600A7AF30(_t76, _t87, _v24);
                                                				_v40 = _t87;
                                                				goto 0xa839c2;
                                                				if (_v328 == 0) goto 0xa83997;
                                                				_t88 = _v328;
                                                				GetProcAddress(??, ??);
                                                				_v40 = _t88;
                                                				goto 0xa839b5;
                                                				GetProcAddress(??, ??);
                                                				_v40 = _t88;
                                                				E00007FF67FF600A7C360( &_v40);
                                                				_t89 = _v0;
                                                				E00007FF67FF600A7B880(_t89, _t89);
                                                				_v32 = _t89;
                                                				_v336 = _a48;
                                                				_v344 = _a40;
                                                				_v352 = _a32;
                                                				_v360 = _a24;
                                                				_v368 = _v40;
                                                				_t95 = _v328;
                                                				_v376 = _t95;
                                                				_t75 = E00007FF67FF600A83D70(_t95, _v32, _v24, _a8, _a16);
                                                				_v324 = _t95;
                                                				goto 0xa83a55;
                                                				 *_t95 =  *_t95 | _t75;
                                                				_v324 = 0;
                                                				return _t75;
                                                			}


























                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: AddressProc$ErrorHandleLastModule
                                                • String ID:
                                                • API String ID: 3392887714-0
                                                • Opcode ID: b3dc32d0bb34061db9487712f66ccfdeed19b21d22bc14aeb7bd3a01365d5fe3
                                                • Instruction ID: f759c5cc09aa4216ac293bbc1e73673999c246b3faa03740e13aebd8c842678d
                                                • Opcode Fuzzy Hash: b3dc32d0bb34061db9487712f66ccfdeed19b21d22bc14aeb7bd3a01365d5fe3
                                                • Instruction Fuzzy Hash: 4951A03360DBC5A6EAB19B15E4543EAB3A0FB89B80F504535DACD82B9DDFBCD5448B00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 18%
                                                			E00007FF67FF600B01DC8(signed long long __ecx, void* __edx, void* __edi, void* __eflags, signed int __rax, long long __rbx, void* __rdx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24, void* _a32) {
                                                				void* _v24;
                                                				void* _t30;
                                                				long long* _t45;
                                                				signed long long _t64;
                                                
                                                				_a8 = __rbx;
                                                				_a16 = __rbp;
                                                				_a24 = __rsi;
                                                				_t64 = __ecx;
                                                				E00007FF67FF600AF5794(__ecx, __rax);
                                                				if (__rax != 0xffffffff) goto 0xb01e08;
                                                				E00007FF67FF600AE8D04(__rax);
                                                				 *__rax = 9;
                                                				goto 0xb01ea6;
                                                				r9d = 1;
                                                				SetFilePointerEx(??, ??, ??, ??);
                                                				if ((__rax | 0xffffffff) != 0) goto 0xb01e2f;
                                                				GetLastError();
                                                				E00007FF67FF600AE8C94(__ecx, __rax | 0xffffffff, __rax);
                                                				goto 0xb01e00;
                                                				_a32 = 0;
                                                				r9d = r8d;
                                                				SetFilePointerEx(??, ??, ??, ??);
                                                				if (0 == 0) goto 0xb01e20;
                                                				_t45 = _a32;
                                                				if (_t45 - 0x7fffffff <= 0) goto 0xb01e7c;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				SetFilePointerEx(??, ??, ??, ??);
                                                				_t30 = E00007FF67FF600AE8D04(_t45);
                                                				 *_t45 = 0x16;
                                                				goto 0xb01e00;
                                                				if (_t45 == 0xffffffff) goto 0xb01e00;
                                                				 *( *((intOrPtr*)(0xb36360 + (_t64 >> 6) * 8)) + 0x38 + ((_t64 & 0x0000003f) + (_t64 & 0x0000003f) * 8) * 8) =  *( *((intOrPtr*)(0xb36360 + (_t64 >> 6) * 8)) + 0x38 + ((_t64 & 0x0000003f) + (_t64 & 0x0000003f) * 8) * 8) & 0x000000fd;
                                                				return _t30;
                                                			}








                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: FilePointer$ErrorLast
                                                • String ID:
                                                • API String ID: 142388799-0
                                                • Opcode ID: 9382cd31ec7fbdeb31d60eafd5c55178d868b4209cdac149010f747b49d28d27
                                                • Instruction ID: 7c7c60de0552d1c533e6faf621aaaf7f69298bc54389873d0f5526a71126db80
                                                • Opcode Fuzzy Hash: 9382cd31ec7fbdeb31d60eafd5c55178d868b4209cdac149010f747b49d28d27
                                                • Instruction Fuzzy Hash: DD21D831A0CA8191E7109B29FA4017DB752EB86BF0F644731E96E877D9DF3DE4408740
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Process$CloseCurrentHandle$MemoryOpenReadThread
                                                • String ID:
                                                • API String ID: 1711309301-0
                                                • Opcode ID: a4f05f59a2ddbc54b950b996cc8e5b7a53ab523d6aa6a3271adaf00ca3b82434
                                                • Instruction ID: d14aa991c92a57a158d2abf12cb57aee145cd2cb1439df1ed9dbf2e9b6391f19
                                                • Opcode Fuzzy Hash: a4f05f59a2ddbc54b950b996cc8e5b7a53ab523d6aa6a3271adaf00ca3b82434
                                                • Instruction Fuzzy Hash: 9D311A36A2CA8196E754DB19E84436AB7E1FBC5790F604135E68E82BADDF3CE445CF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$FileModuleNameQueryVirtual
                                                • String ID:
                                                • API String ID: 2468901712-0
                                                • Opcode ID: 0a93abcb879f473a12902292795cf7e82dac22f52b2322ca232790eae43561d5
                                                • Instruction ID: 76ffa189fcb42bdc8dec7ef10e10d85d9fa0a61811e93b6c35df338d5e192351
                                                • Opcode Fuzzy Hash: 0a93abcb879f473a12902292795cf7e82dac22f52b2322ca232790eae43561d5
                                                • Instruction Fuzzy Hash: 1821BB36A1CB41D6E7608B19E44436EB7A0F785794F608135EA8D87B6DCF3DD584CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Process$MemoryRead$Current
                                                • String ID:
                                                • API String ID: 1577588077-0
                                                • Opcode ID: 23bc74d74983745300ee3a1c3b794b4cc796c29f3ea9bf5c2655e67aa8b50e17
                                                • Instruction ID: 3ecf3c967fca443be70fb7f84d268c00d2aadc99f3fd60166c43e88cead57cce
                                                • Opcode Fuzzy Hash: 23bc74d74983745300ee3a1c3b794b4cc796c29f3ea9bf5c2655e67aa8b50e17
                                                • Instruction Fuzzy Hash: 3F21EC7662CBC592D6B18B11F4407AAB3A8F788B80F504135EA8E83B5DDF3CD645CB10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Virtual$Protect$CacheCurrentFileFlushInstructionModuleNameProcessQuery
                                                • String ID:
                                                • API String ID: 1315298301-0
                                                • Opcode ID: 966a76d4bfe7401d313446cadbe0b13b10e3014851c0a1843423032a1bd12697
                                                • Instruction ID: 7a455a6a912e9c7eae19e6776f431ec533dc3f7dcfab5df9ae46905794a28acb
                                                • Opcode Fuzzy Hash: 966a76d4bfe7401d313446cadbe0b13b10e3014851c0a1843423032a1bd12697
                                                • Instruction Fuzzy Hash: 0E211B7261C6C2A1E6709B21E8447EE6360FB8A785F905035DA8D87B9DCF7DD509CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CountTick$CloseContextHandleProtectThreadVirtual
                                                • String ID:
                                                • API String ID: 3590109142-0
                                                • Opcode ID: a788ccecee569ded1b79694552d59c47bb78a514854ebc2f0b3677c515d564d6
                                                • Instruction ID: 7a77b1a5717a313b69b52fbbef41c55b2a169886f53bf27b51e225129acc8960
                                                • Opcode Fuzzy Hash: a788ccecee569ded1b79694552d59c47bb78a514854ebc2f0b3677c515d564d6
                                                • Instruction Fuzzy Hash: DA31EA36A0DAC19AEA748F14E0843AAB3A1FBC5740F600136C68D93B9DDF3EE4508B01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 41%
                                                			E00007FF67FF600A725F0(long long __rcx, void* _a8) {
                                                				long long _v20;
                                                				long long _v24;
                                                				long long _v28;
                                                				long long _v32;
                                                				void* _v40;
                                                				void* _t29;
                                                				void* _t30;
                                                				long long _t37;
                                                				long long _t42;
                                                
                                                				_a8 = __rcx;
                                                				_v28 = 1;
                                                				GetLastError();
                                                				_v32 = _t37;
                                                				_v40 = 0;
                                                				E00007FF67FF600A75270(_a8,  &_v40);
                                                				if (_t37 == 0) goto 0xa72672;
                                                				if (_v40 == 0) goto 0xa72672;
                                                				if ( *_v40 == 0) goto 0xa72655;
                                                				if (( *( *_v40 + 1) & 0x000000ff) - 1 <= 0) goto 0xa72655;
                                                				_v20 = 0;
                                                				goto 0xa7265d;
                                                				_v20 = 1;
                                                				_t42 = _v20;
                                                				_v28 = _t42;
                                                				LocalFree(??);
                                                				goto 0xa726a9;
                                                				E00007FF67FF600A729D0(_t42, _a8);
                                                				E00007FF67FF600A72360(_t30, _t42);
                                                				_v24 = _t42;
                                                				if (_v24 == 0) goto 0xa726a9;
                                                				GetCurrentProcessId();
                                                				_t29 = E00007FF67FF600A72360(_t30, _t42);
                                                				if (_v24 == _t42) goto 0xa726a9;
                                                				_v28 = 0;
                                                				SetLastError(??);
                                                				return _t29;
                                                			}

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLastToken$InformationLocalProcess$AllocChangeCloseCurrentFindFreeNotificationOpen
                                                • String ID:
                                                • API String ID: 4054106062-0
                                                • Opcode ID: d77c6b22a39d4f5c24559d47734fb3e313d3132ef5ce68d76ff9abdb0307e0d2
                                                • Instruction ID: 17467411bc9f8633c73d512022eaad32e4623c5127e7ed1acce35ad3dae76f55
                                                • Opcode Fuzzy Hash: d77c6b22a39d4f5c24559d47734fb3e313d3132ef5ce68d76ff9abdb0307e0d2
                                                • Instruction Fuzzy Hash: 4621E87291C6419AE7609B25E84432AB7A0FB88748F208136F68E8679ECF7CE544CF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual$CloseHandleMutexRelease
                                                • String ID:
                                                • API String ID: 356749969-0
                                                • Opcode ID: faa676ff1df7a44b897fab1038fa93fa5c84db475926f68a3163acf6007b8b8c
                                                • Instruction ID: 7450ea25ced8cdc1c6d9fe35fd8229cb85fa48cbe0ec601fa6ce5f13732ce4a1
                                                • Opcode Fuzzy Hash: faa676ff1df7a44b897fab1038fa93fa5c84db475926f68a3163acf6007b8b8c
                                                • Instruction Fuzzy Hash: A421FC66B1CB45A2EB20DB55E85432967A0FB8AB94F704035DA8E83769CF3EE545CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 35%
                                                			E00007FF67FF600A72360(void* __ecx, long long __rax, long long _a8) {
                                                				long long _v20;
                                                				long long _v24;
                                                				long long _v32;
                                                				long long _v40;
                                                				long long _v56;
                                                				void* _t23;
                                                				void* _t25;
                                                				long long _t32;
                                                				long long _t34;
                                                				void* _t43;
                                                
                                                				_t32 = __rax;
                                                				_a8 = _t34;
                                                				_v40 = 0;
                                                				GetLastError();
                                                				_v24 = __rax;
                                                				E00007FF67FF600A7C5E0(__ecx, _t25, __rax, 0xb08158, 0, _t43);
                                                				_v32 = _t32;
                                                				if (_v32 == 0) goto 0xa72424;
                                                				_v32();
                                                				if (_t32 != 0) goto 0xa72424;
                                                				if ( *0xb34ae8 != 0) goto 0xa723c9;
                                                				E00007FF67FF600A7C6A0(__ecx, _t25, _t32, 0xb07f78);
                                                				 *0xb34ae8 = _t32;
                                                				if ( *0xb34ae8 == 0) goto 0xa7241c;
                                                				GetCurrentProcessId();
                                                				if (_a8 != _t32) goto 0xa7241c;
                                                				_t23 = GetCurrentProcess();
                                                				_v56 = 0;
                                                				r9d = 4;
                                                				asm("adc eax, 0xc26e1");
                                                				_v20 = _t32;
                                                				if (_v20 == 0) goto 0xa7241a;
                                                				_v40 = 0;
                                                				goto 0xa72424;
                                                				_v40 = 0;
                                                				SetLastError(??);
                                                				return _t23;
                                                			}

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CurrentErrorLastProcess
                                                • String ID:
                                                • API String ID: 335030130-0
                                                • Opcode ID: f61af99ad101d2a2cc1c688cb443f5f68a88804f7a07844461c6a1f82b576542
                                                • Instruction ID: d9c2b9b74e34f6d07a77617e90af9f80c9d2a92e2551b8ec4780912c4eba2145
                                                • Opcode Fuzzy Hash: f61af99ad101d2a2cc1c688cb443f5f68a88804f7a07844461c6a1f82b576542
                                                • Instruction Fuzzy Hash: 22213B3695CA42A3E754DF10E94836A73A1FB85704F205039E24F82BADDF3DE484CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 18%
                                                			E00007FF67FF600A9898E(void* __edi, void* __esi, void* __esp, void* __r9, void* _a32, void* _a40, void* _a44, void* _a48, intOrPtr _a56, intOrPtr _a64, intOrPtr _a72, intOrPtr _a88, intOrPtr _a376, char _a384, void* _a400, signed int _a424, long long _a428, long long _a432, void* _a448, long long _a496, intOrPtr _a696, void* _a1656, void* _a1664, void* _a1672, void* _a1680, void* _a1684, long long _a1688, signed int _a1696, char _a1704, void* _a1708, long long _a1712, char _a1720, void* _a1724, char _a1728, long long _a1736, void* _a1784, void* _a1984, void* _a2992, long long _a3000, void* _a3028, void* _a3040, void* _a3064) {
                                                				long _t117;
                                                				signed char _t124;
                                                				signed char _t125;
                                                				long _t130;
                                                				void* _t134;
                                                				void* _t135;
                                                				void* _t137;
                                                				intOrPtr* _t162;
                                                				intOrPtr* _t171;
                                                				void* _t173;
                                                				long long _t175;
                                                				intOrPtr* _t183;
                                                				signed long long _t225;
                                                				void* _t232;
                                                
                                                				_a424 = _a424 + 1;
                                                				_a2992 = _a384;
                                                				_t162 = _a2992;
                                                				if (_a424 - _t162 >= 0) goto 0xa98aa2;
                                                				_t117 = GetTickCount();
                                                				_a428 = _t162;
                                                				 *0xFE1E58E801B02499 =  *((long long*)(0xfe1e58e801b02499)) - 1;
                                                				 *_t162 =  *_t162 + _t117;
                                                				if (_a432 == 0) goto 0xa98a03;
                                                				GetTickCount();
                                                				if (_t162 - _a428 - _a432 >= 0) goto 0xa98a83;
                                                				_a496 = 0x100001;
                                                				_a3000 = _a376 + _a424 * 8;
                                                				GetThreadContext(??, ??);
                                                				if (_a3000 == 0) goto 0xa98a71;
                                                				if (_a696 -  *((intOrPtr*)(_a56 + 0x10)) <= 0) goto 0xa98a71;
                                                				_t171 =  *((intOrPtr*)(_a56 + 0x10)) + 5;
                                                				if (_a696 - _t171 < 0) goto 0xa98a73;
                                                				goto 0xa98a83;
                                                				asm("push es");
                                                				_t135 = _t134 + bpl;
                                                				_pop(_t232);
                                                				asm("invalid");
                                                				 *((long long*)(_t171 + 0x63)) =  *((long long*)(_t171 + 0x63)) - 1;
                                                				 *_t171 =  *_t171 + _t171;
                                                				 *((intOrPtr*)(_t171 - 0x75)) =  *((intOrPtr*)(_t171 - 0x75)) + _t135;
                                                				 *((intOrPtr*)(_t171 + _t225 * 2)) = fs;
                                                				 *_t171 =  *_t171 + _t171;
                                                				 *((intOrPtr*)(_t171 - 0x75)) =  *((intOrPtr*)(_t171 - 0x75)) + _t135;
                                                				CloseHandle(??);
                                                				goto E00007FF67FF600A9898E;
                                                				E00007FF67FF600A758C0( &_a384);
                                                				E00007FF67FF600A75730(_t232 + 0x190);
                                                				_t173 = _a64 + 0x1e;
                                                				r8d = 6;
                                                				_t124 = E00007FF67FF600A99C70(_t173,  *((intOrPtr*)(_a64 + 0x10)));
                                                				if (_t173 != 0) goto 0xa98b19;
                                                				_t125 = _t124 & 0x00000038;
                                                				_t175 =  *((intOrPtr*)(_t232 + 0xbf0));
                                                				asm("invalid");
                                                				asm("push es");
                                                				 *0x15FFA4F2FFFFFFBE =  *((intOrPtr*)(0x15ffa4f2ffffffbe)) + _t125;
                                                				asm("push es");
                                                				 *_t175 =  *_t175 + _t125;
                                                				 *((intOrPtr*)(_t175 - 0x75)) =  *((intOrPtr*)(_t175 - 0x75)) + _t135;
                                                				FlushInstructionCache(??, ??, ??);
                                                				if ( *((long long*)(_t232 + 0x60)) == 0) goto 0xa98d5c;
                                                				E00007FF67FF600A7C6A0(_t135, _t137, _t175, 0xb0d060);
                                                				_a1688 = _t175;
                                                				_a1696 = _a1688 +  *((intOrPtr*)(_a1688 + 0xa)) + 0xe;
                                                				_a1728 = 0;
                                                				_a1736 = 0;
                                                				 *((long long*)(_t232 + 0x6c4)) = 0;
                                                				 *((char*)(_t232 + 0x6c8)) = 0;
                                                				_a1704 = 0;
                                                				_a1712 = 0;
                                                				 *((long long*)(_t232 + 0x6ac)) = 0;
                                                				_a1720 = 0;
                                                				if ((E00007FF67FF600A74CE0(1, __edi, __esi, __esp, _a1688 +  *((intOrPtr*)(_a1688 + 0xa)) + 0xe,  &_a1728,  &_a1704) & 0x000000ff) == 0) goto 0xa98d42;
                                                				 *(_t232 + 0x6d0) = 0;
                                                				 *(_t232 + 0x6d0) =  *(_t232 + 0x6d0) + 1;
                                                				 *((long long*)(_t232 + 0xbc8)) = _a1712;
                                                				_t183 =  *((intOrPtr*)(_t232 + 0xbc8));
                                                				if ( *(_t232 + 0x6d0) - _t183 >= 0) goto 0xa98d42;
                                                				_t130 = GetTickCount();
                                                				 *((long long*)(_t232 + 0x6d4)) = _t183;
                                                				 *0xFE1BEBE806D82499 =  *((long long*)(0xfe1bebe806d82499)) - 1;
                                                				 *_t183 =  *_t183 + _t130;
                                                				if ( *((long long*)(_t232 + 0x6d8)) == 0) goto 0xa98c70;
                                                				GetTickCount();
                                                				if (_t183 -  *((intOrPtr*)(_t232 + 0x6d4)) -  *((intOrPtr*)(_t232 + 0x6d8)) >= 0) goto 0xa98d23;
                                                				 *((long long*)(_t232 + 0x710)) = 0x100001;
                                                				 *((long long*)(_t232 + 0xbd0)) = _a1704 +  *(_t232 + 0x6d0) * 8;
                                                				GetThreadContext(??, ??);
                                                				if ( *((intOrPtr*)(_t232 + 0xbd0)) == 0) goto 0xa98d11;
                                                				if ( *(_t232 + 0x7d8) ==  *((intOrPtr*)(_a64 + 0x10))) goto 0xa98d13;
                                                				if ( *(_t232 + 0x7d8) - _a1688 < 0) goto 0xa98cef;
                                                				if ( *(_t232 + 0x7d8) - _a1688 + 0xa <= 0) goto 0xa98d13;
                                                				if (( *(_t232 + 0x7d8) & 0xffff0000) == (_a1696 & 0xffff0000)) goto 0xa98d13;
                                                				goto 0xa98d23;
                                                				asm("push es");
                                                				asm("invalid");
                                                				CloseHandle(??);
                                                				goto L1;
                                                				__rcx =  &_a1704;
                                                				__eax = E00007FF67FF600A758C0( &_a1704);
                                                				__rcx =  &_a1728;
                                                				__eax = E00007FF67FF600A75730( &_a1728);
                                                				r8d = _a88;
                                                				__rdx = 0x8;
                                                				asm("dec eax");
                                                				asm("adc eax, 0x6e546");
                                                				if ( *((long long*)(__rsp + 0x60)) == 0) goto 0xa98d98;
                                                				__r8 =  *((intOrPtr*)(__rsp + 0x58));
                                                				__rdx = __rsp + 0x48;
                                                				__rcx =  *((intOrPtr*)(__rsp + 0xc10));
                                                				__eax = E00007FF67FF600A98690(__rax,  *((intOrPtr*)(__rsp + 0xc10)), __rsp + 0x48,  *((intOrPtr*)(__rsp + 0x58)));
                                                				__rcx = __rsp + 0x70;
                                                				__eax = E00007FF67FF600A90A60(__rsp + 0x70);
                                                				__rax = _a72;
                                                				__rsp = __rsp + 0xbf8;
                                                				return __eax;
                                                			}


















                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CountTick$ContextThread$CacheCloseCurrentFlushHandleInstructionProcess
                                                • String ID:
                                                • API String ID: 451644539-0
                                                • Opcode ID: 5bbac3458c54ee63c2153197ceb855a8b9351110048b681560ed79f325673dfe
                                                • Instruction ID: 416ff760eb782445666aead55a76694c56ebdca621ca6789189b97229247a1a3
                                                • Opcode Fuzzy Hash: 5bbac3458c54ee63c2153197ceb855a8b9351110048b681560ed79f325673dfe
                                                • Instruction Fuzzy Hash: 5021AB36A0DAC1DAE7B08B15E0842EAB3A4FB89744F510136DA8E87B69DF3DD445CB01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 82%
                                                			E00007FF67FF600A74330() {
                                                				intOrPtr _v24;
                                                				void* _v32;
                                                				void* _v40;
                                                				void* _t13;
                                                				long long _t19;
                                                				long long _t20;
                                                				long long* _t21;
                                                				long long _t23;
                                                				long long _t24;
                                                
                                                				_t19 =  *0xb34b80; // 0x0
                                                				_v32 = _t19;
                                                				_t20 =  *0xb34b90; // 0x0
                                                				_v40 = _t20;
                                                				 *0xb34b80 = 0;
                                                				 *0xb34b90 = 0;
                                                				if (_v32 == 0) goto 0xa743b0;
                                                				r8d = 0x40;
                                                				dil = 0;
                                                				asm("adc eax, 0x92f3b");
                                                				if (_t20 == 0) goto 0xa743b0;
                                                				_t21 = _v32;
                                                				_t23 =  *0xb34b88; // 0x0
                                                				 *_t21 = _t23;
                                                				r8d = _v24;
                                                				dil = 0;
                                                				asm("adc eax, 0x92f10");
                                                				if (_v40 == 0) goto 0xa74400;
                                                				r8d = 0x40;
                                                				dil = dil;
                                                				asm("adc eax, 0x92eed");
                                                				if (_t21 == 0) goto 0xa74400;
                                                				_t24 =  *0xb34b98; // 0x0
                                                				 *_v40 = _t24;
                                                				r8d = _v24;
                                                				dil = dil;
                                                				asm("adc eax, 0x92ec0");
                                                				 *0xb34b69 = 0;
                                                				return _t13;
                                                			}













                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: ebb8fa8c142ede0beda1edeed03f02fb23536f3e8e1720e1eed11c259481d811
                                                • Instruction ID: 5a46f4823d2bbfa88dbec50987b8822b4ebda12462f5eb08379fc639d237f9a8
                                                • Opcode Fuzzy Hash: ebb8fa8c142ede0beda1edeed03f02fb23536f3e8e1720e1eed11c259481d811
                                                • Instruction Fuzzy Hash: 0621BB76A2CA41D2E7608B11F85476AB760F78E794F604135EA8E87B6CDF3EE544CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: FilePointer$ErrorLast
                                                • String ID:
                                                • API String ID: 142388799-0
                                                • Opcode ID: 4f22a78596493c375ac64dbd226f716ee8cfba15f6bfa68456defce1f2f41180
                                                • Instruction ID: 17dbf5df6dfadd4b06a0183ff5e19bbe716db244e86459a47ec99bfa63d34f7b
                                                • Opcode Fuzzy Hash: 4f22a78596493c375ac64dbd226f716ee8cfba15f6bfa68456defce1f2f41180
                                                • Instruction Fuzzy Hash: E0116931A0C68291E7209B65F94056EF7A4FF86B94F644531EA5EC3B9CDF3DE4458700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CloseFileHandleView$Unmap
                                                • String ID:
                                                • API String ID: 1018311036-0
                                                • Opcode ID: 9ef4bf6374f4c31456e8259204d064d221cce2c1d96be7147cea1eef587ad2bd
                                                • Instruction ID: 5d46df380b248a238acd6429113be93b5e1e9a67c055a5ab1f4e4f6f293b8771
                                                • Opcode Fuzzy Hash: 9ef4bf6374f4c31456e8259204d064d221cce2c1d96be7147cea1eef587ad2bd
                                                • Instruction Fuzzy Hash: 3C11B636A2CB8591E7519F15E49432EB7A0F7C4BA0F505031EA8E87BA9CF7DD884CB10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00007FF67FF600AA65A4(long long __rbx, long long _a32) {
                                                
                                                				_a32 = __rbx;
                                                			}



                                                0x7ff600aa65a4

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                • String ID:
                                                • API String ID: 2933794660-0
                                                • Opcode ID: ae40f690e766a2c28d15294a54ca169cd7f77e3229143e6c7068e34f2b2d326d
                                                • Instruction ID: c5c4f5bbae8afeb992c24d4674e87cb623cedefd88766554b05395bcc351688c
                                                • Opcode Fuzzy Hash: ae40f690e766a2c28d15294a54ca169cd7f77e3229143e6c7068e34f2b2d326d
                                                • Instruction Fuzzy Hash: D8115232A48F469AEB10CF60EC542B433A4FB5E758F541A31EA5E87798DF3CE5958340
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 27%
                                                			E00007FF67FF600A7C360(long long __rcx, void* _a8) {
                                                				void* _v16;
                                                				long long _v24;
                                                				char _v296;
                                                				long long _v312;
                                                				long long _v328;
                                                				void* _t21;
                                                				long long _t24;
                                                
                                                				_a8 = __rcx;
                                                				_v24 = 0;
                                                				_t24 = _a8;
                                                				E00007FF67FF600A87240(_t24, 0xb09448, 0xb0935c,  *_t24,  &_v296);
                                                				E00007FF67FF600A86F70(_t21, 0xb09448);
                                                				_v312 = _t24;
                                                				if (_v312 == 0) goto 0xa7c42a;
                                                				_v328 = 0;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				dil = 0;
                                                				asm("adc eax, 0x8af43");
                                                				_v16 = _t24;
                                                				if (_v16 == 0) goto 0xa7c419;
                                                				 *_a8 =  *_v16;
                                                				UnmapViewOfFile(??);
                                                				_v24 = 1;
                                                				goto 0xa7c41f;
                                                				GetLastError();
                                                				return CloseHandle(??);
                                                			}











                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: lstrcat$FileView$CloseCurrentErrorHandleLastProcessUnmaplstrcpy
                                                • String ID:
                                                • API String ID: 899413528-0
                                                • Opcode ID: b0b88f4e764286c83ea669967bb50a5dee283f0dec7d7e58a0732711c18a9369
                                                • Instruction ID: 871b40a9e971b27b37a1a4c59572deb4ea398b9533861bb20e0666d04095ccbd
                                                • Opcode Fuzzy Hash: b0b88f4e764286c83ea669967bb50a5dee283f0dec7d7e58a0732711c18a9369
                                                • Instruction Fuzzy Hash: 1F11B23692CAC1D2E7609B50F8587EAA360FBC5B45F605035EA8E87BA9CF3DD445CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: ErrorLast$AllocLocal$CountCriticalEnterFileModuleNameQuerySectionTickVirtual
                                                • String ID:
                                                • API String ID: 3655856437-0
                                                • Opcode ID: cef2490d322354ea56c7498409087a5f640087dcb7a36bc388dd6351e84b8678
                                                • Instruction ID: 6f06eeae5d87ce4b7bf4c0fceb4932da77791f2bd32dffb3b91a6f926b1ca461
                                                • Opcode Fuzzy Hash: cef2490d322354ea56c7498409087a5f640087dcb7a36bc388dd6351e84b8678
                                                • Instruction Fuzzy Hash: F711AA3692CBC196E7609B15E45436AB7A0F785794F205535EA8E83BAECF7CE484CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: CloseDeleteEnumOpen
                                                • String ID:
                                                • API String ID: 4142876296-0
                                                • Opcode ID: 44bb88319744a54de13fd9b3a6dc00659dff7b4820cdc7e1d31fbeca58583e61
                                                • Instruction ID: cc0133f7f62eba6c45a75000ce697b1d12b3d6ce0cc7a98d62f6ee085df7a08e
                                                • Opcode Fuzzy Hash: 44bb88319744a54de13fd9b3a6dc00659dff7b4820cdc7e1d31fbeca58583e61
                                                • Instruction Fuzzy Hash: E811BA7662CAC1D2DB609F11F88876AA364FBC4B84F505231DA8E83B59EF7DD504CB44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: CriticalSection$EnterEventLeaveObjectSingleWait
                                                • String ID:
                                                • API String ID: 4060455350-0
                                                • Opcode ID: 653e18f0ae6e1cecdacacbc4aa4614aed32c726b8a84162cb693fe1f6600e20f
                                                • Instruction ID: 340224f0523ede337e6522c8140e1eb59b047576e12f16932dedb1a2a22f14cb
                                                • Opcode Fuzzy Hash: 653e18f0ae6e1cecdacacbc4aa4614aed32c726b8a84162cb693fe1f6600e20f
                                                • Instruction Fuzzy Hash: AD011E31D1C941E7E320CB15E95422977A0FB8AB49FA00171E58FD2769CF6EEA45CB04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: CriticalSection$DeleteEnterInitializeLeave
                                                • String ID:
                                                • API String ID: 1090962914-0
                                                • Opcode ID: ae7e5becdc07f9fd81a523dee454183bd319a18438be0cc6660b81d59160b736
                                                • Instruction ID: 9e52c3bfd1dd014a0d7be567dffb9d2b7cf991b740181d3a1655c9ac8e40fdb6
                                                • Opcode Fuzzy Hash: ae7e5becdc07f9fd81a523dee454183bd319a18438be0cc6660b81d59160b736
                                                • Instruction Fuzzy Hash: 4701CC3281C542A6E6249B10EA54369B770FB86318F704135E29E827BDDF7EE949CF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 37%
                                                			E00007FF67FF600AA1860() {
                                                				long long _t11;
                                                
                                                				E00007FF67FF600A75F40("FileOpenManagerListenPipe");
                                                				if (_t11 != 0) goto 0xaa1886;
                                                				GetLastError();
                                                				 *0xb34a84 = _t11;
                                                				E00007FF67FF600A75F40("FileOpenManagerListenScreenHooksPipe");
                                                				if (_t11 != 0) goto 0xaa18aa;
                                                				GetLastError();
                                                				 *0xb34a84 = _t11;
                                                				return 0;
                                                			}




                                                APIs
                                                • GetLastError.KERNEL32(?,?,?,00007FF600AA18C9,?,?,?,?,00007FF600AA1142), ref: 00007FF600AA187A
                                                • GetLastError.KERNEL32(?,?,?,00007FF600AA18C9,?,?,?,?,00007FF600AA1142), ref: 00007FF600AA1896
                                                Strings
                                                Similarity
                                                • API ID: ErrorLast
                                                • String ID: FileOpenManagerListenPipe$FileOpenManagerListenScreenHooksPipe
                                                • API String ID: 1452528299-1563720609
                                                • Opcode ID: 2b3596a42b67f67f80cc207c213c2b06f81fb9ab99abc85b84a9f26fc65876fe
                                                • Instruction ID: aeb1be4c3cfee6155f15de1fa3795e500fed96779b950bd61b866ffa55bf62dc
                                                • Opcode Fuzzy Hash: 2b3596a42b67f67f80cc207c213c2b06f81fb9ab99abc85b84a9f26fc65876fe
                                                • Instruction Fuzzy Hash: A2F06D22E8E503B3FB009B31AD0007523A8AF1A301F744071C81EC53EEEF2DB0889620
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 61%
                                                			E00007FF67FF600AB49C8(void* __edx, long long* __rcx, void* __rdx, long long __r8, void* __r9) {
                                                				void* __rbx;
                                                				void* __rdi;
                                                				void* __rsi;
                                                				void* __rbp;
                                                				void* _t94;
                                                				intOrPtr _t101;
                                                				void* _t103;
                                                				void* _t117;
                                                				long long _t118;
                                                				signed long long _t124;
                                                				long long _t126;
                                                				signed long long _t127;
                                                				signed long long _t169;
                                                				long long _t172;
                                                				signed char* _t183;
                                                				signed char* _t184;
                                                				signed char* _t185;
                                                				void* _t186;
                                                				long long* _t187;
                                                				long long* _t188;
                                                				void* _t189;
                                                				signed long long _t190;
                                                				intOrPtr _t198;
                                                				void* _t205;
                                                				long long _t206;
                                                
                                                				_t188 = _t189 - 0x38;
                                                				_t190 = _t189 - 0x138;
                                                				_t124 =  *0xb2fde8; // 0xc4f55cf73642
                                                				 *(_t188 + 0x28) = _t124 ^ _t190;
                                                				_t186 = __r9;
                                                				_t126 =  *((intOrPtr*)(_t188 + 0xb8));
                                                				_t205 = __rdx;
                                                				_t206 =  *((intOrPtr*)(_t188 + 0xa0));
                                                				_t187 = __rcx;
                                                				 *((long long*)(_t190 + 0x70)) = _t126;
                                                				 *((long long*)(_t190 + 0x78)) = __r8;
                                                				if ( *__rcx == 0x80000003) goto 0xab4c91;
                                                				E00007FF67FF600AA8F38(_t126);
                                                				r12d =  *((intOrPtr*)(_t188 + 0xb0));
                                                				r15d =  *((intOrPtr*)(_t188 + 0xa8));
                                                				if ( *((long long*)(_t126 + 0x10)) == 0) goto 0xab4a90;
                                                				__imp__EncodePointer();
                                                				E00007FF67FF600AA8F38(_t126);
                                                				if ( *((intOrPtr*)(_t126 + 0x10)) == _t126) goto 0xab4a90;
                                                				if ( *__rcx == 0xe0434f4d) goto 0xab4a90;
                                                				if ( *__rcx == 0xe0434352) goto 0xab4a90;
                                                				_t127 =  *((intOrPtr*)(_t190 + 0x70));
                                                				 *((intOrPtr*)(_t190 + 0x38)) = r15d;
                                                				 *(_t190 + 0x30) = _t127;
                                                				 *((intOrPtr*)(_t190 + 0x28)) = r12d;
                                                				 *((long long*)(_t190 + 0x20)) = _t206;
                                                				E00007FF67FF600AB2644(__rcx, __rdx,  *((intOrPtr*)(_t190 + 0x78)), __r9);
                                                				if (_t127 != 0) goto 0xab4c91;
                                                				E00007FF67FF600AB54B0(_t188, _t206,  *((intOrPtr*)(__r9 + 8)));
                                                				if ( *_t188 <= 0) goto 0xab4cb1;
                                                				 *((intOrPtr*)(_t190 + 0x28)) = r12d;
                                                				 *((long long*)(_t190 + 0x20)) = _t206;
                                                				r8d = r15d;
                                                				_t94 = E00007FF67FF600AB2CB4(_t126, _t188 - 0x70, _t188, _t186, __rcx, _t188);
                                                				asm("movups xmm0, [ebp-0x70]");
                                                				asm("movdqu [ebp-0x80], xmm0");
                                                				asm("psrldq xmm0, 0x8");
                                                				asm("movd eax, xmm0");
                                                				if (_t127 -  *((intOrPtr*)(_t188 - 0x58)) >= 0) goto 0xab4c91;
                                                				 *((long long*)(_t190 + 0x68)) =  *((intOrPtr*)(_t188 - 0x70));
                                                				 *((long long*)(_t190 + 0x60)) =  *((intOrPtr*)(_t188 - 0x78));
                                                				asm("inc ecx");
                                                				asm("dec ax");
                                                				asm("movups [ebp-0x80], xmm0");
                                                				if (_t94 - r15d > 0) goto 0xab4bf7;
                                                				_t117 = r15d - _t94;
                                                				if (_t117 > 0) goto 0xab4bf7;
                                                				r9d =  *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x10))));
                                                				E00007FF67FF600AB5408( *((intOrPtr*)(_t186 + 0x10)), _t188 - 0x50, _t188 - 0x80,  *((intOrPtr*)(_t186 + 8)));
                                                				 *((long long*)(_t188 - 0x48)) =  *((intOrPtr*)(_t188 - 0x40));
                                                				E00007FF67FF600AB5CCC( *((intOrPtr*)(_t188 - 0x40)), _t188 - 0x50);
                                                				_t132 =  *((intOrPtr*)(_t188 - 0x40));
                                                				 *((long long*)(_t188 - 0x48)) =  *((intOrPtr*)(_t188 - 0x40));
                                                				E00007FF67FF600AB5CCC( *((intOrPtr*)(_t188 - 0x40)), _t188 - 0x50);
                                                				if (_t117 == 0) goto 0xab4b6e;
                                                				E00007FF67FF600AB5CCC( *((intOrPtr*)(_t188 - 0x40)), _t188 - 0x50);
                                                				if (_t117 != 0) goto 0xab4b5f;
                                                				_t118 =  *((long long*)(_t188 - 0x30));
                                                				if (_t118 == 0) goto 0xab4b9c;
                                                				E00007FF67FF600AB32F4(_t132);
                                                				if (_t118 == 0) goto 0xab4b9c;
                                                				if ( *((intOrPtr*)(_t188 - 0x30)) == 0) goto 0xab4b94;
                                                				E00007FF67FF600AB32F4(_t132 +  *((intOrPtr*)(_t188 - 0x30)));
                                                				goto 0xab4b96;
                                                				if ( *0x00000010 != 0) goto 0xab4beb;
                                                				if (( *(_t188 - 0x34) & 0x00000040) != 0) goto 0xab4beb;
                                                				 *((char*)(_t190 + 0x58)) = 0;
                                                				 *((char*)(_t190 + 0x50)) = 1;
                                                				 *((long long*)(_t190 + 0x48)) =  *((intOrPtr*)(_t190 + 0x70));
                                                				 *((intOrPtr*)(_t190 + 0x40)) = r12d;
                                                				 *((long long*)(_t190 + 0x38)) = _t188 - 0x80;
                                                				 *(_t190 + 0x30) =  *(_t190 + 0x30) & 0x00000000;
                                                				 *((long long*)(_t190 + 0x28)) = _t188 - 0x38;
                                                				 *((long long*)(_t190 + 0x20)) = _t206;
                                                				_t101 = E00007FF67FF600AB3D18(_t103,  *((intOrPtr*)(_t188 - 0x50)), _t187, _t205,  *((intOrPtr*)(_t190 + 0x78)), _t186);
                                                				_t198 =  *((intOrPtr*)(_t190 + 0x68));
                                                				_t183 =  *(_t198 + 8) -  *((char*)(( *( *(_t198 + 8)) & 0xf) + 0x7ff600b11920));
                                                				 *(_t198 + 8) = _t183;
                                                				 *((intOrPtr*)(_t198 + 0x18)) = _t101;
                                                				_t184 = _t183 -  *((char*)(( *_t183 & 0xf) + 0x7ff600b11920));
                                                				 *(_t198 + 8) = _t184;
                                                				 *((intOrPtr*)(_t198 + 0x1c)) = _t101;
                                                				_t169 =  *_t184 & 0xf;
                                                				_t185 = _t184 -  *((char*)(_t169 + 0x7ff600b11920));
                                                				 *((intOrPtr*)(_t198 + 0x20)) = _t101;
                                                				 *(_t198 + 8) = _t185;
                                                				 *((intOrPtr*)(_t198 + 0x24)) =  *((intOrPtr*)(_t169 + 0x7ff600b11930));
                                                				_t172 =  *((intOrPtr*)(_t190 + 0x60)) + 1;
                                                				 *(_t198 + 8) =  &(_t185[4]);
                                                				 *((long long*)(_t190 + 0x60)) = _t172;
                                                				if (_t172 -  *((intOrPtr*)(_t188 - 0x58)) < 0) goto 0xab4af9;
                                                				return E00007FF67FF600AA5980(_t101,  *((intOrPtr*)(_t169 + 0x7ff600b11930)),  *(_t188 + 0x28) ^ _t190);
                                                			}




























                                                0x7ff600ab4c12
                                                0x7ff600ab4c1a
                                                0x7ff600ab4c1e
                                                0x7ff600ab4c39
                                                0x7ff600ab4c41
                                                0x7ff600ab4c45
                                                0x7ff600ab4c4c
                                                0x7ff600ab4c60
                                                0x7ff600ab4c68
                                                0x7ff600ab4c70
                                                0x7ff600ab4c76
                                                0x7ff600ab4c7e
                                                0x7ff600ab4c80
                                                0x7ff600ab4c84
                                                0x7ff600ab4c8b
                                                0x7ff600ab4cb0

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: EncodePointer
                                                • String ID: MOC$RCC
                                                • API String ID: 2118026453-2084237596
                                                • Opcode ID: e42c6aee3592dc691a82daeba1c98c977f03e06c7175bbe836308008a39c9067
                                                • Instruction ID: 186bfdb2dba013dcaa160156a4b7200e2ba2d48ef5db4a2b7c5d49922644bc25
                                                • Opcode Fuzzy Hash: e42c6aee3592dc691a82daeba1c98c977f03e06c7175bbe836308008a39c9067
                                                • Instruction Fuzzy Hash: C0917073A08B859AE710CB65E8903AD7BA0F749788F244139EB8D9775BDF38D195C700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 24%
                                                			E00007FF67FF600AA8080(void* __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, long long __r8, intOrPtr* __r9) {
                                                				void* _t75;
                                                				void* _t78;
                                                				void* _t79;
                                                				intOrPtr _t80;
                                                				void* _t81;
                                                				intOrPtr _t87;
                                                				long long* _t94;
                                                				void* _t100;
                                                				long long* _t116;
                                                				intOrPtr _t126;
                                                				intOrPtr* _t130;
                                                				signed long long _t139;
                                                				signed long long _t147;
                                                				void* _t149;
                                                				signed long long _t152;
                                                				void* _t154;
                                                				void* _t157;
                                                				long long _t160;
                                                				intOrPtr* _t161;
                                                				void* _t163;
                                                				void* _t164;
                                                				void* _t171;
                                                				intOrPtr _t172;
                                                				void* _t174;
                                                				void* _t175;
                                                				void* _t177;
                                                				void* _t179;
                                                				void* _t181;
                                                				intOrPtr* _t182;
                                                
                                                				 *((long long*)(_t163 + 8)) = __rbx;
                                                				 *((long long*)(_t163 + 0x10)) = _t160;
                                                				 *((long long*)(_t163 + 0x18)) = __rsi;
                                                				_t164 = _t163 - 0x40;
                                                				_t161 = __rcx;
                                                				_t182 = __r9;
                                                				_t175 = __rdx;
                                                				E00007FF67FF600AA8D3C(_t75, __r8);
                                                				_t172 =  *((intOrPtr*)(__r9 + 8));
                                                				_t130 =  *((intOrPtr*)(__r9 + 0x38));
                                                				_t179 =  *__r9 - _t172;
                                                				_t87 =  *((intOrPtr*)(__r9 + 0x48));
                                                				if (( *(__rcx + 4) & 0x00000066) != 0) goto 0xaa81a8;
                                                				 *((long long*)(_t164 + 0x30)) = __rcx;
                                                				 *((long long*)(_t164 + 0x38)) = __r8;
                                                				if (__rsi -  *_t130 >= 0) goto 0xaa8268;
                                                				_t152 = __rsi + __rsi;
                                                				if (_t179 -  *((intOrPtr*)(_t130 + 4 + _t152 * 8)) < 0) goto 0xaa819a;
                                                				if (_t179 -  *((intOrPtr*)(_t130 + 8 + _t152 * 8)) >= 0) goto 0xaa819a;
                                                				if ( *((long long*)(_t130 + 0x10 + _t152 * 8)) == 0) goto 0xaa819a;
                                                				if ( *((long long*)(_t130 + 0xc + _t152 * 8)) == 1) goto 0xaa8126;
                                                				_t116 =  *((intOrPtr*)(_t130 + 0xc + _t152 * 8)) + _t172;
                                                				 *_t116(_t181, _t177, _t174, _t171, _t149);
                                                				_t94 = _t116;
                                                				if (_t94 < 0) goto 0xaa81a1;
                                                				if (_t94 <= 0) goto 0xaa819a;
                                                				if ( *((long long*)(__rcx)) != 0xe06d7363) goto 0xaa8157;
                                                				if ( *0xb10338 == 0) goto 0xaa8157;
                                                				_t78 = E00007FF67FF600B05A10(_t116, _t130, 0xb10338);
                                                				if (_t116 == 0) goto 0xaa8157;
                                                				asm("adc eax, 0x681e1");
                                                				r8d = 1;
                                                				_t79 = E00007FF67FF600AA8D00(_t78,  *((intOrPtr*)(_t130 + 0x10 + _t152 * 8)) + _t172, _t175);
                                                				r9d =  *_t161;
                                                				 *((long long*)(_t164 + 0x28)) =  *((intOrPtr*)(_t182 + 0x40));
                                                				 *((long long*)(_t164 + 0x20)) =  *((intOrPtr*)(_t182 + 0x28));
                                                				__imp__RtlUnwindEx();
                                                				_t80 = E00007FF67FF600AA8D30(_t79);
                                                				_t157 = __rsi + 1;
                                                				goto 0xaa80d6;
                                                				goto 0xaa826d;
                                                				r9d =  *_t130;
                                                				_t154 =  *((intOrPtr*)(_t182 + 0x20)) - _t172;
                                                				if (_t87 - r9d >= 0) goto 0xaa8268;
                                                				r8d = r9d;
                                                				_t147 = _t157 + _t157;
                                                				if (_t179 -  *((intOrPtr*)(_t130 + 4 + _t147 * 8)) < 0) goto 0xaa825b;
                                                				_t100 = _t179 -  *((intOrPtr*)(_t130 + 8 + _t147 * 8));
                                                				if (_t100 >= 0) goto 0xaa825b;
                                                				r11d =  *(_t161 + 4);
                                                				r11d = r11d & 0x00000020;
                                                				if (_t100 == 0) goto 0xaa822a;
                                                				r10d = 0;
                                                				if (r8d == 0) goto 0xaa8222;
                                                				_t139 = _t175 + _t175;
                                                				if (_t154 -  *((intOrPtr*)(_t130 + 4 + _t139 * 8)) < 0) goto 0xaa821a;
                                                				if (_t154 -  *((intOrPtr*)(_t130 + 8 + _t139 * 8)) >= 0) goto 0xaa821a;
                                                				if ( *((intOrPtr*)(_t130 + 0x10 + _t139 * 8)) !=  *((intOrPtr*)(_t130 + 0x10 + _t147 * 8))) goto 0xaa821a;
                                                				if ( *((intOrPtr*)(_t130 + 0xc + _t139 * 8)) ==  *((intOrPtr*)(_t130 + 0xc + _t147 * 8))) goto 0xaa8222;
                                                				r10d = r10d + 1;
                                                				if (r10d - r8d < 0) goto 0xaa81ee;
                                                				if (r10d != r9d) goto 0xaa8268;
                                                				_t126 =  *((intOrPtr*)(_t130 + 0x10 + _t147 * 8));
                                                				if (_t126 == 0) goto 0xaa823e;
                                                				if (_t154 != _t126) goto 0xaa825b;
                                                				if (r11d != 0) goto 0xaa8268;
                                                				goto 0xaa825b;
                                                				 *((intOrPtr*)(_t182 + 0x48)) = _t80;
                                                				r8d =  *((intOrPtr*)(_t130 + 0xc + _t147 * 8));
                                                				_t81 =  *((long long*)(_t161 + _t172))();
                                                				r9d =  *_t130;
                                                				r8d = r9d;
                                                				if (_t157 + 1 - _t139 < 0) goto 0xaa81be;
                                                				return _t81;
                                                			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Unwind
                                                • String ID: csm$f
                                                • API String ID: 3419175465-629598281
                                                • Opcode ID: 6fb9f6dc0cf051f768ee5c3d5bffdf57b1227d081edb4a6b9b61f303fedb2315
                                                • Instruction ID: 474e1c29b3b4aa2968de56bbe235ab893ea37327e7fedc93a56a6ede90fe51f2
                                                • Opcode Fuzzy Hash: 6fb9f6dc0cf051f768ee5c3d5bffdf57b1227d081edb4a6b9b61f303fedb2315
                                                • Instruction Fuzzy Hash: C951CD32A19A52A6EB18DF11E544B787391FB06B88F708534DE6A877CEDF3DE8418700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 68%
                                                			E00007FF67FF600AB47B0(long long __rbx, intOrPtr* __rcx, long long __rdx, long long __r8, void* __r9) {
                                                				void* _t19;
                                                				void* _t26;
                                                				long long _t27;
                                                				void* _t36;
                                                				void* _t39;
                                                				void* _t42;
                                                				void* _t43;
                                                				void* _t45;
                                                				void* _t46;
                                                				void* _t52;
                                                				void* _t54;
                                                				void* _t56;
                                                				void* _t59;
                                                
                                                				_t26 = _t45;
                                                				 *((long long*)(_t26 + 0x20)) = __rbx;
                                                				 *((long long*)(_t26 + 0x18)) = __r8;
                                                				 *((long long*)(_t26 + 0x10)) = __rdx;
                                                				_t43 = _t26 - 0x3f;
                                                				_t46 = _t45 - 0xc0;
                                                				if ( *((long long*)(__rcx)) == 0x80000003) goto 0xab4854;
                                                				E00007FF67FF600AA8F38(_t26);
                                                				r12d =  *((intOrPtr*)(_t43 + 0x6f));
                                                				if ( *((long long*)(_t26 + 0x10)) == 0) goto 0xab486f;
                                                				__imp__EncodePointer(_t59, _t56, _t54, _t52, _t36, _t39, _t42);
                                                				E00007FF67FF600AA8F38(_t26);
                                                				if ( *((intOrPtr*)(_t26 + 0x10)) == _t26) goto 0xab486f;
                                                				if ( *__rcx == 0xe0434f4d) goto 0xab486f;
                                                				r13d =  *((intOrPtr*)(_t43 + 0x77));
                                                				if ( *__rcx == 0xe0434352) goto 0xab4873;
                                                				_t27 =  *((intOrPtr*)(_t43 + 0x7f));
                                                				 *((intOrPtr*)(_t46 + 0x38)) = r12d;
                                                				 *((long long*)(_t46 + 0x30)) = _t27;
                                                				 *((intOrPtr*)(_t46 + 0x28)) = r13d;
                                                				 *((long long*)(_t46 + 0x20)) =  *((intOrPtr*)(_t43 + 0x67));
                                                				_t19 = E00007FF67FF600AB25F0(__rcx,  *((intOrPtr*)(_t43 + 0x4f)), __r8, __r9);
                                                				if (_t27 == 0) goto 0xab4873;
                                                				return _t19;
                                                			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: EncodePointer
                                                • String ID: MOC$RCC
                                                • API String ID: 2118026453-2084237596
                                                • Opcode ID: ef8b51036dee6ff033aff1f1169ebba970b252d9cd474ffb6454171223dd0ae2
                                                • Instruction ID: 500ad524b465ac4f4bda032135587708e3fe6075ba4d0f2a84026c6f76e628e4
                                                • Opcode Fuzzy Hash: ef8b51036dee6ff033aff1f1169ebba970b252d9cd474ffb6454171223dd0ae2
                                                • Instruction Fuzzy Hash: B7512833A08B899AEB148FA5D0803AD77A0FB49B88F244135EF4D57B5ADF78E155C700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 15%
                                                			E00007FF67FF600AFDBB8(void* __edx, void* __edi, void* __rax, signed long long __rbx, long long* __rcx, long long __rbp, void* __r8, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
                                                				long long _v0;
                                                				signed long long _v8;
                                                				void* _t35;
                                                				long _t38;
                                                				short _t40;
                                                				void* _t43;
                                                				void* _t44;
                                                				short* _t64;
                                                				void* _t65;
                                                				signed long long _t67;
                                                				long long _t68;
                                                				signed long long _t95;
                                                				void* _t103;
                                                				void* _t104;
                                                
                                                				_a8 = __rbx;
                                                				_a24 = __rbp;
                                                				 *0x7F5CE80000149B =  *((intOrPtr*)(0x7f5ce80000149b)) + _t40;
                                                				asm("loopne 0x4a");
                                                				_a5176 =  *0xb2fde8 ^ _t95;
                                                				r14d = r9d;
                                                				r10d = r10d & 0x0000003f;
                                                				_t104 = _t103 + __r8;
                                                				 *__rcx = 0;
                                                				 *((long long*)(__rcx + 8)) = 0;
                                                				if (__r8 - _t104 >= 0) goto 0xafdcf9;
                                                				if (__r8 - _t104 >= 0) goto 0xafdc62;
                                                				if (_t40 != 0xa) goto 0xafdc4e;
                                                				_t64 =  &_a40 + 2;
                                                				 *_t64 = _t40;
                                                				_t65 = _t64 + 2;
                                                				if (_t65 -  &_a1744 < 0) goto 0xafdc30;
                                                				_a16 = _a16 & 0x00000000;
                                                				_a8 = _a8 & 0x00000000;
                                                				_v0 = 0xd55;
                                                				_t67 = _t65 -  &_a40 >> 1;
                                                				_v8 =  &_a1752;
                                                				r9d = _t35;
                                                				asm("invalid");
                                                				if (_t67 == 0) goto 0xafdcf1;
                                                				if (_t67 == 0) goto 0xafdce1;
                                                				_v8 = _v8 & 0x00000000;
                                                				r8d = _t44;
                                                				r8d = r8d - _t43;
                                                				WriteFile(??, ??, ??, ??, ??);
                                                				if (_t67 == 0) goto 0xafdcf1;
                                                				if (0 + _a24 - _t67 < 0) goto 0xafdcae;
                                                				_t68 = __r8 + 2;
                                                				 *((long long*)(__rcx + 4)) = _t68;
                                                				goto 0xafdc25;
                                                				_t38 = GetLastError();
                                                				 *__rcx = _t68;
                                                				return E00007FF67FF600AA5980(_t38, _t40, _a5176 ^ _t95);
                                                			}


















                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorFileLastWrite
                                                • String ID: U
                                                • API String ID: 442123175-4171548499
                                                • Opcode ID: 91c9553722128d4f6b89960c74b60fe522471925c5c98b3d935d3e1d0e947f3f
                                                • Instruction ID: b8269926fa65cff67b17567db343a71482a5bebb0e4ae4ec0752c11f2353a18a
                                                • Opcode Fuzzy Hash: 91c9553722128d4f6b89960c74b60fe522471925c5c98b3d935d3e1d0e947f3f
                                                • Instruction Fuzzy Hash: 9041D223B18A4192DB218F65E4443BAA765FB98B94FA04031EE4EC7788DF7CD442C700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • VirtualProtect.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF600A9F9FE), ref: 00007FF600A9FD53
                                                • VirtualFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF600A9F9FE), ref: 00007FF600A9FDA7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: Virtual$FreeProtect
                                                • String ID: (
                                                • API String ID: 2581862158-3887548279
                                                • Opcode ID: 9617623db4bcb7263d047312105ee119235de8a7dfcca626ddc89258575e1298
                                                • Instruction ID: 105a13d2c910a1b7e525a7557c4d64511f0d32677df624657778b1259b30a0ab
                                                • Opcode Fuzzy Hash: 9617623db4bcb7263d047312105ee119235de8a7dfcca626ddc89258575e1298
                                                • Instruction Fuzzy Hash: 13419476719B448ADB94CF5AE49021EB7A0F7C8B94F115026FE8E93B68DFB8D445CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 37%
                                                			E00007FF67FF600A77196(long long _a60, signed int _a80, void* _a152, void* _a160, void* _a168, void* _a176, long long _a184, intOrPtr _a208) {
                                                				long _t45;
                                                				void* _t48;
                                                				void* _t49;
                                                				long long _t65;
                                                				void* _t92;
                                                				void* _t96;
                                                				void* _t97;
                                                
                                                				_a80 = _a80 - 1;
                                                				if (_a80 < 0) goto 0xa772df;
                                                				if (_a80 > 0) goto 0xa771be;
                                                				if (_a60 - 1 <= 0) goto 0xa772da;
                                                				_a152 =  *((intOrPtr*)(_a208 + 0x80));
                                                				if ( *((long long*)( *((intOrPtr*)( *_a152 + _a80 * 8)) + 0x18)) != 0) goto 0xa772da;
                                                				_a160 =  *((intOrPtr*)(_a208 + 0x80));
                                                				_t65 =  *_a160 + _a80 * 8;
                                                				_a168 = _t65;
                                                				_t45 = GetTickCount();
                                                				if (_t65 -  *((intOrPtr*)( *_a168 + 0x20)) - 0x64 <= 0) goto 0xa772da;
                                                				E00007FF67FF600A76710(_t45, L"Dispatch thread: Removing idle thread from worker pool\n", _t92, _t96, _t97);
                                                				_a176 =  *((intOrPtr*)(_a208 + 0x80));
                                                				 *((long long*)( *((intOrPtr*)( *_a176 + _a80 * 8)) + 0x24)) = 1;
                                                				_a184 =  *((intOrPtr*)(_a208 + 0x80));
                                                				SetEvent(??);
                                                				_a60 = _a60 - 1;
                                                				_t48 = E00007FF67FF600A79F10(_t49,  *((intOrPtr*)(_a208 + 0x80)));
                                                				goto E00007FF67FF600A77196;
                                                				goto 0xa76e8d;
                                                				return _t48;
                                                			}











                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: CountEventObjectSingleTickWait
                                                • String ID: Dispatch thread: Removing idle thread from worker pool
                                                • API String ID: 3443438707-3158692423
                                                • Opcode ID: c26d2e5b7878b92e1acbe401f75320e963f97627217b909a811cc94ef5e12b1d
                                                • Instruction ID: e874eac0980c66f1385c07967240faaf89e553905c58655987b54f3d71467408
                                                • Opcode Fuzzy Hash: c26d2e5b7878b92e1acbe401f75320e963f97627217b909a811cc94ef5e12b1d
                                                • Instruction Fuzzy Hash: 0531933B608B85D9DA60CB59E4943AEB7B0F7C8B54F208136DA8D83B69DF79D445CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: QueryVirtual
                                                • String ID: tsht4hcm$tsht4hcm
                                                • API String ID: 1804819252-3558135234
                                                • Opcode ID: 40ba760d42b93e6c2bd5b8442d120c6eaf862f0567224e29d32e325361f10f84
                                                • Instruction ID: b452e86c35d2ebd5b42af36faa3949b967bdaffd70dd9c03f67fd40f323c291b
                                                • Opcode Fuzzy Hash: 40ba760d42b93e6c2bd5b8442d120c6eaf862f0567224e29d32e325361f10f84
                                                • Instruction Fuzzy Hash: 81112132619B8592EE708B55E45022D63B4F789B84FA00131EA8D87759DF7CD5518B01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF600AA618B), ref: 00007FF600AA77B0
                                                • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF600AA618B), ref: 00007FF600AA77F6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ExceptionFileHeaderRaise
                                                • String ID: csm
                                                • API String ID: 2573137834-1018135373
                                                • Opcode ID: 4f3f7345df6f96bff431966ebe2ea5f19f9e6cbb0fb33d4497012f866a581803
                                                • Instruction ID: c83b0a03115f72db83965a9327ee47c97a9ccc773adea1bfb159b6d6d3821d1e
                                                • Opcode Fuzzy Hash: 4f3f7345df6f96bff431966ebe2ea5f19f9e6cbb0fb33d4497012f866a581803
                                                • Instruction Fuzzy Hash: 40113A32A1CB4192EB218F25E94026AB7A5FB89B88F384230DF8D47799DF3DD5518B00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 75%
                                                			E00007FF67FF600AA05B0(void* __edx, long long __rbx, long long __rcx, long long _a8, long long _a16) {
                                                				long long _v24;
                                                				long long _v32;
                                                				long long _v40;
                                                				void* _t19;
                                                				long long _t23;
                                                				void* _t41;
                                                
                                                				_a16 = __rbx;
                                                				_a8 = __rcx;
                                                				_t23 =  &_a8;
                                                				_v24 = 0;
                                                				r8d = __edx;
                                                				_v32 = 0;
                                                				r9d = 0x400;
                                                				_v40 = _t23;
                                                				_a8 = 0;
                                                				asm("push es");
                                                				 *((intOrPtr*)(_t23 - 0x75)) =  *((intOrPtr*)(_t23 - 0x75)) + _t19;
                                                				 *((long long*)(__rcx)) = 0;
                                                				 *((long long*)(__rcx + 0x10)) = 0;
                                                				 *((long long*)(__rcx + 0x18)) = 0xf;
                                                				_t34 =  !=  ? _t23 : "No error text available";
                                                				 *((intOrPtr*)(__rcx)) = dil;
                                                				if ( *((intOrPtr*)(( !=  ? _t23 : "No error text available") + 0xffffffff)) != dil) goto 0xaa0620;
                                                				E00007FF67FF600AA0790(_t23, __rcx, __rcx,  !=  ? _t23 : "No error text available", 0, _t41);
                                                				return LocalFree(??);
                                                			}










                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                • Associated: 0000000C.00000002.3719023909.00007FF600A70000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3719999030.00007FF600B07000.00000002.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720213392.00007FF600B27000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720244737.00007FF600B28000.00000008.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B2F000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720317708.00007FF600B34000.00000004.00000001.01000000.00000009.sdmp
                                                • Associated: 0000000C.00000002.3720416871.00007FF600B37000.00000002.00000001.01000000.00000009.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: FormatFreeLocalMessage
                                                • String ID: No error text available
                                                • API String ID: 1427518018-2999911446
                                                • Opcode ID: ff3ef9cfbabb0a592b9151d94ff4083e154102718c48f506f7f190edf2eee086
                                                • Instruction ID: 4a1e5441935db884e76226d49a60ad4802ec3b3712a188a7c7a3aa9a9f71670e
                                                • Opcode Fuzzy Hash: ff3ef9cfbabb0a592b9151d94ff4083e154102718c48f506f7f190edf2eee086
                                                • Instruction Fuzzy Hash: 35016D32A0CB8096E7108F55F80021AF7A4FB89BE4F145235EAAD43BE9DFBCD1508740
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 45%
                                                			E00007FF67FF600AA0650(void* __edx, long long __rbx, long long __rcx, long long _a8, long long _a16) {
                                                				long long _v24;
                                                				long long _v32;
                                                				long long _v40;
                                                				void* __rdi;
                                                				void* _t20;
                                                				short _t22;
                                                				long long _t25;
                                                				void* _t38;
                                                				void* _t39;
                                                
                                                				_a16 = __rbx;
                                                				_a8 = __rcx;
                                                				_t25 =  &_a8;
                                                				_v24 = 0;
                                                				r8d = __edx;
                                                				_v32 = 0;
                                                				r9d = 0x400;
                                                				_v40 = _t25;
                                                				_a8 = 0;
                                                				asm("push es");
                                                				 *((intOrPtr*)(_t25 - 0x75)) =  *((intOrPtr*)(_t25 - 0x75)) + _t20;
                                                				 *((long long*)(__rcx)) = 0;
                                                				 *((long long*)(__rcx + 0x10)) = 0;
                                                				 *((long long*)(__rcx + 0x18)) = 7;
                                                				_t36 =  !=  ? _t25 : L"No error text available";
                                                				 *((short*)(__rcx)) = _t22;
                                                				if ( *((intOrPtr*)(( !=  ? _t25 : L"No error text available") + 0xfffffffffffffffe)) != _t22) goto 0xaa06c0;
                                                				E00007FF67FF600AA08F0(_t25, __rcx, __rcx,  !=  ? _t25 : L"No error text available", 0, _t38, _t39, 0);
                                                				return LocalFree(??);
                                                			}













                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: FormatFreeLocalMessage
                                                • String ID: No error text available
                                                • API String ID: 1427518018-2999911446
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 29%
                                                			E00007FF67FF600A79830(long long __rcx, long long __rdx, long long _a8, long long _a16, intOrPtr _a24) {
                                                				char _v20;
                                                				char _v24;
                                                				long long _v40;
                                                				int _t16;
                                                				void* _t17;
                                                				void* _t22;
                                                				void* _t31;
                                                
                                                				_a24 = r8d;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				_v20 = 0;
                                                				_v40 = 0;
                                                				r8d = _a24;
                                                				_t16 = ReadFile(??, ??, ??, ??, ??);
                                                				if (_t22 == 0) goto 0xa79897;
                                                				if (_v24 != _a24) goto 0xa79880;
                                                				_v20 = 1;
                                                				goto 0xa79895;
                                                				r8d = _a24;
                                                				_t17 = E00007FF67FF600A76710(_t16, L"ReadFromPipe: Error reading from pipe: Number read was %d, requested was %d\n", _v24, _t31,  &_v24);
                                                				goto 0xa798a3;
                                                				E00007FF67FF600A76710(_t17, L"ReadFromPipe: Error reading from pipe: ReadFile returned False\n", _v24, _t31,  &_v24);
                                                				return _v20;
                                                			}

                                                APIs
                                                Strings
                                                • ReadFromPipe: Error reading from pipe: Number read was %d, requested was %d, xrefs: 00007FF600A79889
                                                • ReadFromPipe: Error reading from pipe: ReadFile returned False, xrefs: 00007FF600A79897
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: FileRead
                                                • String ID: ReadFromPipe: Error reading from pipe: Number read was %d, requested was %d$ReadFromPipe: Error reading from pipe: ReadFile returned False
                                                • API String ID: 2738559852-1158638750
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLastLibraryLoad
                                                • String ID: api-ms-
                                                • API String ID: 3568775529-2084034818
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 80%
                                                			E00007FF67FF600A8EBD0(long long __rax, long long __rcx, long long __rdx, long long __r9, long long _a8, long long _a16, signed int _a24, long long _a32, long long _a40, long long _a48, long long _a56, long long _a64) {
                                                				signed int _v20;
                                                				void* _v24;
                                                				long long _v28;
                                                				long long _v32;
                                                				long long _v40;
                                                				void* _v48;
                                                				signed int _v56;
                                                				signed int _v60;
                                                				long long _v64;
                                                				void* _v72;
                                                				long long _v88;
                                                				void* _t115;
                                                				void* _t116;
                                                				void* _t117;
                                                				long long _t122;
                                                				long long _t124;
                                                				signed int _t125;
                                                				intOrPtr _t141;
                                                				signed long long _t144;
                                                				signed long long _t146;
                                                				long long _t158;
                                                				void* _t200;
                                                
                                                				_t124 = __rax;
                                                				_a32 = __r9;
                                                				_a24 = r8d;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				if (_a56 == 0) goto 0xa8ec06;
                                                				E00007FF67FF600ACF020(_t116, __rax, _a56, __r9);
                                                				_v24 = _t124;
                                                				goto 0xa8ec0e;
                                                				_v24 = 0;
                                                				_t125 = _v24;
                                                				_v60 = _t125;
                                                				if (_a64 == 0) goto 0xa8ec34;
                                                				E00007FF67FF600ACF020(_t116, _t125, _a64, __r9);
                                                				_v20 = _t125;
                                                				goto 0xa8ec3c;
                                                				_v20 = 0;
                                                				_v56 = _v20;
                                                				_v64 = (_v60 << 1) + 0x2b6 + _a24 * 4 + (_v56 << 1) + 4;
                                                				asm("pop es");
                                                				 *((intOrPtr*)(_v64 - 0x77)) =  *((intOrPtr*)(_v64 - 0x77)) + _t117;
                                                				if (_v48 == 0) goto 0xa8ee8e;
                                                				_v28 = 0;
                                                				 *_v48 = _v64;
                                                				 *((long long*)(_v48 + 0x18)) = _a24;
                                                				E00007FF67FF600AA7840();
                                                				_t42 = _a24 * 4; // 0x1c
                                                				_v72 = _v48 + _t42 + 0x1c;
                                                				 *_v72 = (_v60 << 1) + (_v56 << 1) + 0x29e;
                                                				 *((long long*)(_v72 + 0x2c)) = _a40;
                                                				_t141 = _v72;
                                                				 *((long long*)(_t141 + 0x30)) = _a48;
                                                				 *((long long*)(_t141 - 0x7b)) =  *((long long*)(_t141 - 0x7b)) - 1;
                                                				 *(_t200 + 0x15) =  *(_t200 + 0x15) << 0x48;
                                                				_t144 =  *(_v72 + 0x30) | 0x10000000;
                                                				 *(_v72 + 0x30) = _t144;
                                                				 *((long long*)(_t144 - 0x7b)) =  *((long long*)(_t144 - 0x7b)) - 1;
                                                				 *(_t200 + _a16 + 0x48) =  *(_t200 + _a16 + 0x48) << 0x8b;
                                                				_t146 =  *(_t144 + 0x30) | 0x20000000;
                                                				 *(_v72 + 0x30) = _t146;
                                                				 *0xa9ed7f =  *0xa9ed7f + 1;
                                                				 *(_v72 + 0x34) = _t146;
                                                				E00007FF67FF600ACF4C4(_v72 + 0x88, _a32);
                                                				 *(_v72 + 0x290) = _v60;
                                                				 *((long long*)(_v72 + 0x294)) = _v56;
                                                				_v40 = _v72 + 0x298;
                                                				if (_a56 == 0) goto 0xa8edef;
                                                				E00007FF67FF600ACF4C4(_v40, _a56);
                                                				goto 0xa8edf9;
                                                				 *_v40 = 0;
                                                				_v40 = _v72 + ( *(_v72 + 0x290) << 1) + 0x29a;
                                                				_t122 = _a64;
                                                				if (_t122 == 0) goto 0xa8ee39;
                                                				E00007FF67FF600ACF4C4(_v40, _a64);
                                                				goto 0xa8ee43;
                                                				_t158 = _v40;
                                                				 *_t158 = 0;
                                                				_v88 = 0;
                                                				r9d = 0;
                                                				 *_t158 =  *_t158;
                                                				if (_t122 != 0) goto 0xa8ee4c;
                                                				asm("invalid");
                                                				_v28 = _t158;
                                                				GetLastError();
                                                				_v32 = _t158;
                                                				_t115 = LocalFree(??);
                                                				SetLastError(??);
                                                				goto 0xa8ee90;
                                                				return _t115;
                                                			}

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000C.00000002.3719058179.00007FF600A71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF600A70000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_12_2_7ff600a70000_FileOpenManager64.jbxd
                                                Similarity
                                                • API ID: ErrorLastLocal$AllocFree
                                                • String ID:
                                                • API String ID: 1353762364-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Execution Graph

                                                Execution Coverage:3%
                                                Dynamic/Decrypted Code Coverage:0%
                                                Signature Coverage:1.4%
                                                Total number of Nodes:874
                                                Total number of Limit Nodes:33
lstrlenA LocalAlloc lstrcpyA 46801->46802 46803 7ff668e9dda0 4 API calls 46802->46803 46804 7ff668dd84ec 7 API calls 46803->46804 46856 7ff668ddb450 46804->46856 46807 7ff668dd86c2 LeaveCriticalSection 46807->46800 46808->46760 46860 7ff668ddd8d0 46809->46860 46812 7ff668ddd8d0 46813 7ff668dd7363 GetProcAddress 46812->46813 46814 7ff668ddd8d0 46813->46814 46815 7ff668dd7396 GetProcAddress 46814->46815 46816 7ff668ddd8d0 46815->46816 46817 7ff668dd73c9 GetProcAddress 46816->46817 46818 7ff668dd770d FreeLibrary 46817->46818 46822 7ff668dd73ee 46817->46822 46818->46780 46819 7ff668dd7702 LocalFree 46819->46818 46820 7ff668dd74ca AllocateAndInitializeSid 46820->46819 46821 7ff668dd752f 46820->46821 46823 7ff668de6620 GetVersionExW 46821->46823 46822->46818 46822->46819 46822->46820 46824 7ff668dd7593 46823->46824 46825 7ff668dd759e AllocateAndInitializeSid 46824->46825 46828 7ff668dd75fa 46824->46828 46825->46828 46826 7ff668dd76db FreeSid 46826->46819 46827 7ff668dd76f4 FreeSid 46826->46827 46827->46819 46828->46826 46829 7ff668dd76c2 LocalFree 46828->46829 46829->46826 46831 7ff668dd80ee 46830->46831 46832 7ff668dd8165 46830->46832 46862 7ff668dddb30 VirtualQuery GetModuleHandleW 46831->46862 46844 7ff668dd8000 46832->46844 46834 7ff668dd80fc 46863 7ff668dddb30 VirtualQuery GetModuleHandleW 46834->46863 46836 7ff668dd8111 46864 7ff668dddb30 VirtualQuery GetModuleHandleW 46836->46864 46838 7ff668dd8126 46865 7ff668dddb30 VirtualQuery GetModuleHandleW 46838->46865 46840 7ff668dd813b 46866 7ff668dddb30 VirtualQuery GetModuleHandleW 46840->46866 46842 7ff668dd8150 46867 7ff668dddb30 VirtualQuery GetModuleHandleW 46842->46867 46845 7ff668dd8025 46844->46845 46868 7ff668dde210 46845->46868 46849 7ff668dd8047 46850 7ff668dd8051 LocalAlloc 46849->46850 46851 7ff668dd8073 46850->46851 46887 7ff668dde460 46851->46887 46855 7ff668dd8411 LocalFree LocalFree 46854->46855 46855->46798 46855->46801 46857 7ff668ddb474 46856->46857 46857->46807 46858->46781 46859->46786 46861 
7ff668dd7305 LoadLibraryA 46860->46861 46861->46812 46862->46834 46863->46836 46864->46838 46865->46840 46866->46842 46867->46832 46870 7ff668dde241 46868->46870 46893 7ff668dde1d0 GetProcessHeap HeapAlloc 46870->46893 46871 7ff668dde288 46872 7ff668dd8035 46871->46872 46894 7ff668ddde00 SetLastError SetLastError SetLastError 46871->46894 46874 7ff668ddf130 46872->46874 46875 7ff668ddf150 46874->46875 46886 7ff668ddf146 46874->46886 46876 7ff668ddf15b 46875->46876 46878 7ff668ddf174 46875->46878 46895 7ff668dde8c0 7 API calls 46876->46895 46879 7ff668ddf210 46878->46879 46896 7ff668dde1d0 GetProcessHeap HeapAlloc 46878->46896 46898 7ff668ddde00 SetLastError SetLastError SetLastError 46879->46898 46882 7ff668ddf259 46882->46886 46899 7ff668dddd70 GetProcessHeap HeapFree 46882->46899 46883 7ff668ddf1ec 46897 7ff668dddd70 GetProcessHeap HeapFree 46883->46897 46886->46849 46888 7ff668dde476 46887->46888 46889 7ff668dde483 46887->46889 46900 7ff668dddd70 GetProcessHeap HeapFree 46888->46900 46891 7ff668dd80d2 46889->46891 46901 7ff668dddd70 GetProcessHeap HeapFree 46889->46901 46891->46791 46893->46871 46894->46872 46895->46886 46896->46883 46897->46879 46898->46882 46899->46886 46900->46889 46901->46891 46902 7ff668dd8de0 46917 7ff668dd8e21 46902->46917 46903 7ff668dd8e2c LocalAlloc 46904 7ff668dd8eb0 NtReplyWaitReceivePort 46903->46904 46903->46917 46904->46917 46905 7ff668dd8ee1 CloseHandle 46905->46917 46906 7ff668dd8e63 NtReplyWaitReceivePortEx 46906->46917 46907 7ff668dd9325 LocalFree 46907->46917 46908 7ff668dd934d 46909 7ff668dd8f80 46911 7ff668dd8f8c NtAcceptConnectPort 46909->46911 46910 7ff668dd8ff6 GetCurrentProcessId LocalAlloc 46910->46917 46912 7ff668dd8720 46911->46912 46914 7ff668dd8fca LocalFree 46912->46914 46913 7ff668dd903b NtAcceptConnectPort 46913->46917 46914->46908 46915 7ff668dd9097 LocalAlloc 46918 7ff668dd90ec 46915->46918 46916 7ff668dd92c4 NtAcceptConnectPort 46916->46917 46917->46903 46917->46904 46917->46905 46917->46906 46917->46907 
46917->46908 46917->46909 46917->46910 46917->46913 46917->46915 46917->46916 46919 7ff668dd914a NtCompleteConnectPort 46917->46919 46920 7ff668dd930d LocalFree 46917->46920 46923 7ff668dd9318 LocalFree 46917->46923 46924 7ff668dd92ab LocalFree 46917->46924 46925 7ff668dd91ce SetEvent 46917->46925 46926 7ff668dd91fc EnterCriticalSection 46917->46926 46927 7ff668dd926d LeaveCriticalSection ReleaseSemaphore 46917->46927 46922 7ff668dd9129 LocalFree 46918->46922 46928 7ff668dd9b50 46919->46928 46920->46923 46922->46917 46923->46917 46924->46917 46925->46917 46926->46917 46927->46917 46929 7ff668dd9b89 46928->46929 46930 7ff668dd9b7a 46928->46930 46929->46917 46930->46929 46931 7ff668dd9c03 46930->46931 46932 7ff668dd9bc3 46930->46932 46934 7ff668e9cb24 17 API calls 46931->46934 46933 7ff668e9cb24 17 API calls 46932->46933 46935 7ff668dd9c01 46933->46935 46936 7ff668dd9c36 lstrlenA 46934->46936 46935->46936 46937 7ff668dd9d57 46936->46937 46938 7ff668dd9c58 46936->46938 47017 7ff668e9cb24 46937->47017 47000 7ff668de6950 46938->47000 46941 7ff668dd9dae 47021 7ff668de6f70 46941->47021 46942 7ff668dd9ca9 46943 7ff668dd9cd6 lstrcatA 46942->46943 47038 7ff668de6fd0 10 API calls 46943->47038 46947 7ff668dd9cf7 46951 7ff668dd9d25 lstrcatA 46947->46951 46948 7ff668dda083 46953 7ff668dda0a5 lstrcatA 46948->46953 46949 7ff668dd9e53 46955 7ff668e9cb24 17 API calls 46949->46955 46950 7ff668dd9e06 46952 7ff668e9cb24 17 API calls 46950->46952 47039 7ff668de6fd0 10 API calls 46951->47039 46956 7ff668dd9e51 46952->46956 47040 7ff668de7130 10 API calls 46953->47040 46959 7ff668dd9e93 lstrlenA 46955->46959 46956->46959 46958 7ff668dd9d46 46962 7ff668dda275 MapViewOfFile 46958->46962 46970 7ff668dda2a6 46958->46970 46961 7ff668dd9ec7 46959->46961 46960 7ff668dda0c1 46963 7ff668dda0ef lstrcatA 46960->46963 46964 7ff668de6f70 56 API calls 46961->46964 46962->46970 47041 7ff668de7130 10 API calls 46963->47041 46966 7ff668dd9ed6 46964->46966 46969 7ff668dd9fe9 46966->46969 46974 7ff668de6620 
GetVersionExW 46966->46974 46967 7ff668dda32f 47044 7ff668dda390 8 API calls 46967->47044 46968 7ff668dda10b 46968->46958 46976 7ff668dda134 46968->46976 46977 7ff668dda181 46968->46977 46972 7ff668dda03e 46969->46972 46973 7ff668dd9ffe 46969->46973 46970->46929 46970->46967 46975 7ff668e9cb24 17 API calls 46972->46975 46978 7ff668e9cb24 17 API calls 46973->46978 46979 7ff668dd9ef8 46974->46979 46981 7ff668dda071 lstrlenA 46975->46981 46982 7ff668e9cb24 17 API calls 46976->46982 46980 7ff668e9cb24 17 API calls 46977->46980 46983 7ff668dda03c 46978->46983 46979->46969 47024 7ff668dd9990 GetModuleHandleA GetProcAddress 46979->47024 46985 7ff668dda1c1 lstrlenA 46980->46985 46981->46948 46986 7ff668dda17f 46982->46986 46983->46981 46988 7ff668ddd8d0 46985->46988 46986->46985 46989 7ff668dda1f5 lstrcatA 46988->46989 47042 7ff668de7130 10 API calls 46989->47042 46990 7ff668e9cb24 17 API calls 46992 7ff668dd9f5b 46990->46992 46994 7ff668e9cb24 17 API calls 46992->46994 46993 7ff668dda211 46996 7ff668dda23f lstrcatA 46993->46996 46995 7ff668dd9fa6 lstrlenA 46994->46995 46997 7ff668dd9fda 46995->46997 47043 7ff668de7130 10 API calls 46996->47043 46999 7ff668de6f70 56 API calls 46997->46999 46999->46969 47001 7ff668de6981 47000->47001 47002 7ff668de6a29 47000->47002 47006 7ff668dde210 5 API calls 47001->47006 47003 7ff668de6ac7 47002->47003 47004 7ff668de6a45 47002->47004 47005 7ff668de6a3f GetLastError 47002->47005 47003->46942 47007 7ff668dde210 5 API calls 47004->47007 47005->47004 47008 7ff668de69aa 47006->47008 47009 7ff668de6a5a 47007->47009 47010 7ff668ddf130 7 API calls 47008->47010 47012 7ff668de6a64 47009->47012 47011 7ff668de69bc 47010->47011 47015 7ff668de69ec CreateFileMappingW 47011->47015 47013 7ff668de6a8a CreateFileMappingW 47012->47013 47014 7ff668dde460 2 API calls 47013->47014 47014->47003 47016 7ff668dde460 2 API calls 47015->47016 47016->47002 47018 7ff668e9cb49 47017->47018 47045 7ff668ef76cc 47018->47045 47050 7ff668de6d90 47021->47050 47025 
7ff668dd9b43 47024->47025 47026 7ff668dd99d3 OpenProcess 47024->47026 47025->46969 47025->46990 47026->47025 47027 7ff668dd99f9 OpenProcessToken 47026->47027 47028 7ff668dd9a16 GetAppContainerNamedObjectPath 47027->47028 47029 7ff668dd9b38 CloseHandle 47027->47029 47030 7ff668dd9a3d 47028->47030 47032 7ff668dd9a59 47028->47032 47029->47025 47031 7ff668dd9b2d FindCloseChangeNotification 47030->47031 47031->47029 47032->47031 47035 7ff668dd9a8f 47032->47035 47075 7ff668dddb30 VirtualQuery GetModuleHandleW 47032->47075 47034 7ff668dd9aa4 LocalAlloc 47036 7ff668dd9aee 47034->47036 47035->47031 47035->47034 47037 7ff668dd9b1f LocalFree 47036->47037 47037->47031 47038->46947 47039->46958 47040->46960 47041->46968 47042->46993 47043->46958 47044->46929 47047 7ff668ef76da 47045->47047 47048 7ff668e9cb65 47047->47048 47049 7ff668f14258 17 API calls 47047->47049 47048->46941 47049->47048 47052 7ff668de6dc0 47050->47052 47051 7ff668de6e3f 47053 7ff668de6e94 47051->47053 47054 7ff668de6e51 GetLastError 47051->47054 47055 7ff668de6e57 47051->47055 47052->47051 47059 7ff668dde210 5 API calls 47052->47059 47056 7ff668dd9ddf 47053->47056 47057 7ff668de6e9c GetLastError 47053->47057 47054->47055 47058 7ff668dde210 5 API calls 47055->47058 47056->46948 47056->46949 47056->46950 47060 7ff668de6eb2 GetLastError 47057->47060 47061 7ff668de6ea7 GetLastError 47057->47061 47062 7ff668de6e6c 47058->47062 47063 7ff668de6e05 47059->47063 47074 7ff668de6ae0 41 API calls 47060->47074 47061->47056 47061->47060 47067 7ff668de6e76 OpenFileMappingW 47062->47067 47065 7ff668ddf130 7 API calls 47063->47065 47068 7ff668de6e17 47065->47068 47066 7ff668de6ecc 47069 7ff668de6ee3 SetLastError 47066->47069 47070 7ff668de6ed9 SetLastError 47066->47070 47071 7ff668dde460 2 API calls 47067->47071 47072 7ff668de6e21 OpenFileMappingW 47068->47072 47069->47056 47070->47056 47071->47053 47073 7ff668dde460 2 API calls 47072->47073 47073->47051 47074->47066 47075->47035 47076 7ff668e00110 47081 7ff668e957c0 
47076->47081 47080 7ff668e9e2e1 47089 7ff668e96730 GetVersionExA 47081->47089 47085 7ff668e9589b 47119 7ff668e959c0 GetVolumeInformationA 47085->47119 47088 7ff668e9e27c 24 API calls 47088->47080 47090 7ff668e967e9 GetModuleHandleA GetProcAddress 47089->47090 47091 7ff668e967ca GetVersionExA 47089->47091 47092 7ff668e96810 GetNativeSystemInfo 47090->47092 47093 7ff668e96814 GetSystemInfo 47090->47093 47091->47090 47094 7ff668e967df 47091->47094 47103 7ff668e9681a 47092->47103 47093->47103 47095 7ff668e976e3 47094->47095 47096 7ff668e9d970 8 API calls 47095->47096 47097 7ff668e95828 47096->47097 47107 7ff668e963d0 LoadLibraryA 47097->47107 47098 7ff668e96fbd 47099 7ff668e96fd1 GetSystemMetrics 47098->47099 47105 7ff668e96848 47098->47105 47099->47105 47100 7ff668e96be6 GetModuleHandleA GetProcAddress 47102 7ff668e96c1b 47100->47102 47101 7ff668e9694a 47101->47100 47102->47098 47103->47095 47103->47098 47103->47100 47103->47101 47103->47105 47104 7ff668e976cb GetNativeSystemInfo 47104->47095 47105->47104 47106 7ff668e9765e 47105->47106 47106->47104 47108 7ff668e96400 GetProcAddress 47107->47108 47109 7ff668e96555 FreeLibrary 47107->47109 47108->47109 47110 7ff668e9641c GetAdaptersInfo 47108->47110 47109->47085 47111 7ff668e9644f 47110->47111 47112 7ff668e96545 FreeLibrary 47110->47112 47111->47112 47114 7ff668e96464 GetAdaptersInfo 47111->47114 47113 7ff668e9650e 47112->47113 47113->47085 47114->47112 47115 7ff668e96476 47114->47115 47116 7ff668e964d4 47115->47116 47118 7ff668e9653d 47115->47118 47117 7ff668e96503 FreeLibrary 47116->47117 47117->47113 47118->47112 47120 7ff668e95a24 GetSystemInfo 47119->47120 47121 7ff668e95a1d 47119->47121 47120->47121 47122 7ff668e9d970 8 API calls 47121->47122 47123 7ff668e00120 47122->47123 47123->47088 47124 7ff668e000f0 47125 7ff668e957c0 27 API calls 47124->47125 47126 7ff668e00100 47125->47126 47129 7ff668e9e27c 24 API calls 47126->47129 47128 7ff668e9e2e1 47129->47128 47130 7ff668dd7850 GetLastError 47131 7ff668dd78b1 
47130->47131 47132 7ff668dd78bc 47131->47132 47134 7ff668dd7c62 47131->47134 47189 7ff668dda5d0 47132->47189 47137 7ff668dd9b50 95 API calls 47134->47137 47145 7ff668dd7c51 47134->47145 47135 7ff668dd78d6 GetCurrentProcessId GetCurrentProcessId 47139 7ff668dd9b50 95 API calls 47135->47139 47136 7ff668dd7f98 47146 7ff668dd7fab 47136->47146 47147 7ff668dd7fb8 SetLastError 47136->47147 47138 7ff668dd7cc7 47137->47138 47141 7ff668dd7eb7 ReleaseMutex CloseHandle 47138->47141 47142 7ff668dd7cd9 OpenProcess 47138->47142 47143 7ff668dd792d 47139->47143 47140 7ff668dd7f8b CloseHandle 47140->47136 47141->47145 47142->47141 47144 7ff668dd7cfc GetCurrentProcess DuplicateHandle 47142->47144 47143->47145 47149 7ff668dd80e0 2 API calls 47143->47149 47144->47141 47148 7ff668dd7d3a GetCurrentProcessId 47144->47148 47145->47136 47145->47140 47214 7ff668dda490 MsgWaitForMultipleObjects PeekMessageW TranslateMessage DispatchMessageW WaitForMultipleObjects 47145->47214 47216 7ff668dda390 8 API calls 47146->47216 47213 7ff668dd2360 6 API calls 47148->47213 47152 7ff668dd7973 47149->47152 47155 7ff668dd8000 8 API calls 47152->47155 47154 7ff668dd7d47 WriteFile 47157 7ff668dd7e76 CloseHandle 47154->47157 47158 7ff668dd7d80 47154->47158 47166 7ff668dd7988 47155->47166 47156 7ff668dd7f22 47159 7ff668dd7f52 47156->47159 47215 7ff668dda490 MsgWaitForMultipleObjects PeekMessageW TranslateMessage DispatchMessageW WaitForMultipleObjects 47156->47215 47157->47141 47158->47157 47161 7ff668dd7d8e WriteFile 47158->47161 47159->47140 47161->47157 47163 7ff668dd7dc0 47161->47163 47163->47157 47165 7ff668dd7dce WriteFile 47163->47165 47164 7ff668dd7f4b 47164->47159 47165->47157 47167 7ff668dd7e00 47165->47167 47168 7ff668dd79b2 GetCurrentProcessId 47166->47168 47167->47157 47169 7ff668dd7e0e WriteFile 47167->47169 47212 7ff668dd2360 6 API calls 47168->47212 47169->47157 47172 7ff668dd7e3c 47169->47172 47171 7ff668dd79cd 47173 7ff668dd79f5 47171->47173 47174 7ff668dd7b00 47171->47174 47172->47157 47175 
7ff668dd7e46 WriteFile 47172->47175 47176 7ff668dd7a0a CreateFileMappingW MapViewOfFile 47173->47176 47179 7ff668dd7b37 NtConnectPort 47174->47179 47175->47157 47177 7ff668dd7ac5 47176->47177 47178 7ff668dd7a8c 47176->47178 47177->47179 47182 7ff668dd7aab UnmapViewOfFile 47178->47182 47180 7ff668dd7baa 47179->47180 47181 7ff668dd7b9c CloseHandle 47179->47181 47183 7ff668dd7bb6 LocalFree 47180->47183 47181->47180 47182->47177 47184 7ff668dd7bcf CloseHandle 47183->47184 47185 7ff668dd7bdd 47183->47185 47184->47185 47186 7ff668dd7be7 GetCurrentProcessId 47185->47186 47187 7ff668dd7bf6 47185->47187 47186->47187 47187->47145 47188 7ff668dd7c30 OpenProcess 47187->47188 47188->47145 47190 7ff668dda5e5 47189->47190 47191 7ff668dda84d 47189->47191 47192 7ff668dda613 GetCurrentProcessId 47190->47192 47191->47135 47193 7ff668dda63f 47192->47193 47217 7ff668ddf490 47193->47217 47195 7ff668dda695 47196 7ff668dda69f CreateMutexW 47195->47196 47197 7ff668dda6c3 WaitForSingleObject GetCurrentProcessId 47196->47197 47198 7ff668dda836 47196->47198 47202 7ff668dda6fa 47197->47202 47199 7ff668dde460 2 API calls 47198->47199 47200 7ff668dda843 47199->47200 47201 7ff668dde460 2 API calls 47200->47201 47201->47191 47203 7ff668ddf490 63 API calls 47202->47203 47204 7ff668dda746 47203->47204 47205 7ff668dda753 CreateFileMappingW 47204->47205 47206 7ff668dda78f GetLastError 47205->47206 47207 7ff668dda81a ReleaseMutex CloseHandle 47205->47207 47208 7ff668dda79c MapViewOfFile 47206->47208 47207->47198 47210 7ff668dda7f5 47208->47210 47211 7ff668dda80c FindCloseChangeNotification 47208->47211 47210->47211 47211->47207 47212->47171 47213->47154 47214->47156 47215->47164 47216->47147 47218 7ff668ddf4b7 47217->47218 47219 7ff668ddf4de 47217->47219 47229 7ff668dde1d0 GetProcessHeap HeapAlloc 47218->47229 47225 7ff668e9ab40 47219->47225 47222 7ff668ddf522 47222->47195 47223 7ff668ddf4c1 47223->47219 47230 7ff668dddd70 GetProcessHeap HeapFree 47223->47230 47226 7ff668e9ab65 47225->47226 47231 
7ff668ef7740 47226->47231 47229->47223 47230->47219 47232 7ff668ef7754 47231->47232 47236 7ff668ef7777 47231->47236 47232->47236 47237 7ff668ee1638 59 API calls 47232->47237 47235 7ff668e9ab81 47235->47222 47236->47235 47238 7ff668f14258 17 API calls 47236->47238 47237->47236 47238->47235 47239 7ff668dd8bf0 47245 7ff668dd8bf9 47239->47245 47240 7ff668dd8d70 EnterCriticalSection 47241 7ff668dd8d89 47240->47241 47242 7ff668dd8d98 CloseHandle CloseHandle LocalFree LeaveCriticalSection 47240->47242 47241->47242 47243 7ff668dd8c0f WaitForSingleObject 47244 7ff668dd8c3e 47243->47244 47243->47245 47244->47240 47245->47240 47245->47243 47245->47244 47246 7ff668dd8ce1 47245->47246 47247 7ff668dd8cf3 SetEvent 47246->47247 47248 7ff668dd8d20 GetTickCount LocalFree ReleaseSemaphore 47246->47248 47250 7ff668dda390 8 API calls 47247->47250 47248->47245 47250->47248 47251 7ff668f2d270 47252 7ff668f2d281 47251->47252 47253 7ff668f2d2b6 RtlAllocateHeap 47252->47253 47254 7ff668f2d2d0 47252->47254 47256 7ff668f1acd8 EnterCriticalSection LeaveCriticalSection 47252->47256 47253->47252 47253->47254 47256->47252 47257 7ff668ef9d3c 47262 7ff668f0e554 EnterCriticalSection LeaveCriticalSection HeapAlloc HeapFree GetLastError 47257->47262 47259 7ff668ef9d53 47260 7ff668ef9d68 47259->47260 47263 7ff668ef9974 47259->47263 47262->47259 47264 7ff668ef99a5 47263->47264 47265 7ff668ef998a 47263->47265 47264->47265 47266 7ff668ef99be 47264->47266 47292 7ff668f14258 17 API calls 47265->47292 47269 7ff668ef999b 47266->47269 47285 7ff668f0f33c 47266->47285 47269->47260 47273 7ff668ef9c59 47307 7ff668f142a8 IsProcessorFeaturePresent 47273->47307 47280 7ff668ef9a25 47281 7ff668ef9a3e 47280->47281 47282 7ff668ef9a9e 47280->47282 47281->47269 47305 7ff668f0f37c 19 API calls 47281->47305 47282->47269 47306 7ff668f0f37c 19 API calls 47282->47306 47286 7ff668ef99e6 47285->47286 47287 7ff668f0f34a 47285->47287 47293 7ff668f0de28 47286->47293 47311 7ff668f1fe78 EnterCriticalSection 47287->47311 47289 
7ff668f0f352 47290 7ff668f0f362 47289->47290 47291 7ff668f0f1b4 35 API calls 47289->47291 47291->47290 47292->47269 47294 7ff668ef99fb 47293->47294 47295 7ff668f0de31 47293->47295 47294->47273 47297 7ff668f0de58 47294->47297 47312 7ff668f14258 17 API calls 47295->47312 47298 7ff668ef9a0c 47297->47298 47299 7ff668f0de61 47297->47299 47298->47273 47301 7ff668f0de88 47298->47301 47313 7ff668f14258 17 API calls 47299->47313 47302 7ff668ef9a1d 47301->47302 47303 7ff668f0de91 47301->47303 47302->47273 47302->47280 47314 7ff668f14258 17 API calls 47303->47314 47305->47269 47306->47269 47308 7ff668f142bb 47307->47308 47315 7ff668f14010 14 API calls 47308->47315 47310 7ff668f142d6 GetCurrentProcess TerminateProcess 47312->47294 47313->47298 47314->47302 47315->47310 47316 7ff668e0f2e0 47317 7ff668e0f2f2 47316->47317 47320 7ff668e10530 47317->47320 47321 7ff668e10562 47320->47321 47322 7ff668e1055d 47320->47322 47329 7ff668e105e3 47321->47329 47347 7ff668e107e0 47321->47347 47330 7ff668e0f6a0 47322->47330 47325 7ff668e9d970 8 API calls 47326 7ff668e0f3a0 47325->47326 47327 7ff668e105a2 47328 7ff668e11bd0 90 API calls 47327->47328 47327->47329 47328->47329 47329->47325 47350 7ff668e0f580 47330->47350 47334 7ff668e0f846 47387 7ff668e103d0 47334->47387 47335 7ff668e9d970 8 API calls 47337 7ff668e0f9d2 47335->47337 47336 7ff668e0f6ff 47336->47334 47339 7ff668e107e0 9 API calls 47336->47339 47337->47321 47343 7ff668e0f739 47339->47343 47340 7ff668e0f6cd 47340->47335 47341 7ff668e0f85c 47341->47340 47395 7ff668e10750 47341->47395 47343->47334 47343->47343 47374 7ff668e0fef0 47343->47374 47344 7ff668e0f890 47344->47340 47346 7ff668e0fef0 51 API calls 47344->47346 47346->47344 47348 7ff668e10870 9 API calls 47347->47348 47349 7ff668e107f5 47348->47349 47349->47327 47349->47349 47351 7ff668e0f5bb 47350->47351 47398 7ff668e10870 47351->47398 47353 7ff668e0f5ce 47401 7ff668e0f9e0 47353->47401 47355 7ff668e9d970 8 API calls 47357 7ff668e0f67f 47355->47357 47356 7ff668e0f5db 47358 
7ff668e107e0 9 API calls 47356->47358 47365 7ff668e0f65c 47356->47365 47357->47340 47366 7ff668e10480 47357->47366 47359 7ff668e0f613 47358->47359 47360 7ff668e0f9e0 53 API calls 47359->47360 47361 7ff668e0f620 47360->47361 47362 7ff668e10750 9 API calls 47361->47362 47361->47365 47363 7ff668e0f64f 47362->47363 47364 7ff668e0f9e0 53 API calls 47363->47364 47364->47365 47365->47355 47368 7ff668e104ac 47366->47368 47371 7ff668e104fd 47366->47371 47367 7ff668e9d970 8 API calls 47369 7ff668e1051e 47367->47369 47370 7ff668e107e0 9 API calls 47368->47370 47369->47336 47372 7ff668e104d1 47370->47372 47371->47367 47372->47371 47373 7ff668e11bd0 90 API calls 47372->47373 47373->47371 47469 7ff668f13e2c 47374->47469 47377 7ff668e0ff2b 47380 7ff668e0ff37 47377->47380 47381 7ff668e0ff4e 47377->47381 47378 7ff668e0ff14 47379 7ff668e9d970 8 API calls 47378->47379 47382 7ff668e0ff26 47379->47382 47383 7ff668e9d970 8 API calls 47380->47383 47384 7ff668e9d970 8 API calls 47381->47384 47382->47343 47385 7ff668e0ff49 47383->47385 47386 7ff668e0ff6d 47384->47386 47385->47343 47386->47343 47388 7ff668e1044d 47387->47388 47389 7ff668e103fc 47387->47389 47390 7ff668e9d970 8 API calls 47388->47390 47392 7ff668e107e0 9 API calls 47389->47392 47391 7ff668e1046e 47390->47391 47391->47341 47393 7ff668e10421 47392->47393 47393->47388 47394 7ff668e11bd0 90 API calls 47393->47394 47394->47388 47396 7ff668e10870 9 API calls 47395->47396 47397 7ff668e10765 47396->47397 47397->47344 47397->47397 47407 7ff668e06ab0 47398->47407 47400 7ff668e1088b 47400->47353 47400->47400 47402 7ff668e0fef0 51 API calls 47401->47402 47403 7ff668e0f9ee 47402->47403 47404 7ff668e0f9f3 47403->47404 47424 7ff668f16da0 47403->47424 47404->47356 47408 7ff668e06b20 LoadLibraryA 47407->47408 47409 7ff668e06d03 47408->47409 47410 7ff668e06b4f GetProcAddress 47408->47410 47409->47400 47411 7ff668e06ba5 GetProcAddress 47410->47411 47412 7ff668e06b6b 47410->47412 47416 7ff668e06c9a 47411->47416 47418 7ff668e06c86 47411->47418 
47412->47411 47414 7ff668e06b83 47412->47414 47423 7ff668e06d80 WideCharToMultiByte WideCharToMultiByte 47414->47423 47421 7ff668e06cc5 SHGetMalloc 47416->47421 47422 7ff668e06caa SHGetPathFromIDListA 47416->47422 47417 7ff668e06b93 CoTaskMemFree 47420 7ff668e06ce4 FreeLibrary 47417->47420 47418->47420 47420->47400 47421->47418 47421->47420 47422->47421 47423->47417 47425 7ff668f16dbf 47424->47425 47426 7ff668f16db5 47424->47426 47428 7ff668ee6c10 31 API calls 47425->47428 47427 7ff668f32034 2 API calls 47426->47427 47434 7ff668e0fa01 47427->47434 47429 7ff668f16de7 47428->47429 47436 7ff668f10e4c 47429->47436 47431 7ff668f16e4b 47432 7ff668f16e4f 47431->47432 47459 7ff668f32034 CreateDirectoryW 47431->47459 47432->47434 47462 7ff668f284e8 47432->47462 47434->47356 47437 7ff668f10e97 47436->47437 47438 7ff668f10e75 47436->47438 47440 7ff668f10e9b 47437->47440 47441 7ff668f10ef0 47437->47441 47439 7ff668f10e83 47438->47439 47442 7ff668f284e8 2 API calls 47438->47442 47439->47431 47440->47439 47445 7ff668f10ea6 47440->47445 47446 7ff668f10eaf 47440->47446 47468 7ff668f30180 MultiByteToWideChar 47441->47468 47442->47439 47447 7ff668f284e8 2 API calls 47445->47447 47467 7ff668f28480 EnterCriticalSection LeaveCriticalSection HeapAlloc 47446->47467 47447->47446 47451 7ff668f10ebc 47451->47439 47460 7ff668f32044 GetLastError 47459->47460 47461 7ff668f32051 47459->47461 47460->47461 47461->47432 47463 7ff668f284ed HeapFree 47462->47463 47466 7ff668f2851d 47462->47466 47464 7ff668f28508 47463->47464 47463->47466 47465 7ff668f2850d GetLastError 47464->47465 47465->47466 47466->47434 47467->47451 47470 7ff668f13e49 47469->47470 47471 7ff668f13e55 47469->47471 47472 7ff668f12238 49 API calls 47470->47472 47473 7ff668ee6c10 31 API calls 47471->47473 47480 7ff668e0ff10 47472->47480 47474 7ff668f13e7d 47473->47474 47475 7ff668f10e4c 7 API calls 47474->47475 47476 7ff668f13ee1 47475->47476 47477 7ff668f13ef9 47476->47477 47478 7ff668f13ee5 47476->47478 47484 7ff668f12238 
47477->47484 47478->47480 47482 7ff668f284e8 2 API calls 47478->47482 47480->47377 47480->47378 47482->47480 47483 7ff668f284e8 2 API calls 47483->47480 47485 7ff668f12273 47484->47485 47493 7ff668f12257 47484->47493 47486 7ff668f12286 CreateFileW 47485->47486 47485->47493 47487 7ff668f122b9 47486->47487 47488 7ff668f12300 47486->47488 47501 7ff668f12b0c GetFileType 47487->47501 47523 7ff668f1367c 31 API calls 47488->47523 47491 7ff668f122c7 47496 7ff668f1226e 47491->47496 47497 7ff668f122e2 FindCloseChangeNotification 47491->47497 47492 7ff668f12305 47500 7ff668f12309 47492->47500 47524 7ff668f13344 47492->47524 47522 7ff668f14258 17 API calls 47493->47522 47496->47480 47496->47483 47497->47496 47500->47491 47502 7ff668f12c17 47501->47502 47503 7ff668f12b5a 47501->47503 47505 7ff668f12c1f 47502->47505 47506 7ff668f12c41 47502->47506 47504 7ff668f12b86 GetFileInformationByHandle 47503->47504 47542 7ff668f13488 15 API calls 47503->47542 47508 7ff668f12baf 47504->47508 47509 7ff668f12c32 GetLastError 47504->47509 47505->47509 47511 7ff668f12bea 47505->47511 47510 7ff668f12c64 PeekNamedPipe 47506->47510 47506->47511 47513 7ff668f13344 32 API calls 47508->47513 47509->47511 47510->47511 47514 7ff668e9d970 8 API calls 47511->47514 47512 7ff668f12b74 47512->47504 47512->47511 47515 7ff668f12bba 47513->47515 47516 7ff668f12c9d 47514->47516 47535 7ff668f12d4c 47515->47535 47516->47491 47519 7ff668f12d4c 10 API calls 47520 7ff668f12bd9 47519->47520 47521 7ff668f12d4c 10 API calls 47520->47521 47521->47511 47522->47496 47523->47492 47526 7ff668f1336c 47524->47526 47525 7ff668f12322 47534 7ff668f13488 15 API calls 47525->47534 47526->47525 47543 7ff668f19068 32 API calls 47526->47543 47528 7ff668f13400 47528->47525 47544 7ff668f19068 32 API calls 47528->47544 47530 7ff668f13413 47530->47525 47545 7ff668f19068 32 API calls 47530->47545 47532 7ff668f13426 47532->47525 47546 7ff668f19068 32 API calls 47532->47546 47534->47500 47536 7ff668f12d78 FileTimeToSystemTime 47535->47536 
47537 7ff668f12d6b 47535->47537 47538 7ff668f12d8a SystemTimeToTzSpecificLocalTime 47536->47538 47539 7ff668f12d73 47536->47539 47537->47536 47537->47539 47538->47539 47540 7ff668e9d970 8 API calls 47539->47540 47541 7ff668f12bc9 47540->47541 47541->47519 47542->47512 47543->47528 47544->47530 47545->47532 47546->47525 47547 7ff668dd8a66 47561 7ff668dd875d 47547->47561 47548 7ff668dd8a7c 47549 7ff668dd8baa 47548->47549 47550 7ff668dd8ac4 GetTickCount 47548->47550 47550->47549 47554 7ff668dd8b14 47550->47554 47551 7ff668dd878d 47552 7ff668dd8768 WaitForSingleObject 47552->47551 47553 7ff668dd8792 EnterCriticalSection 47552->47553 47555 7ff668dd87dc LeaveCriticalSection 47553->47555 47553->47561 47556 7ff668dd8b20 SetEvent 47554->47556 47555->47561 47567 7ff668ddb7e0 47556->47567 47558 7ff668dd8862 SetEvent 47558->47561 47559 7ff668dd8906 LocalAlloc 47559->47561 47560 7ff668dd8a04 WaitForSingleObject 47560->47561 47561->47548 47561->47551 47561->47552 47561->47555 47561->47558 47561->47559 47561->47560 47562 7ff668dd8934 CreateEventW CreateThread 47561->47562 47563 7ff668dd89ae SetThreadPriority 47562->47563 47564 7ff668dd89c9 CloseHandle LocalFree 47562->47564 47563->47561 47566 7ff668ddb740 47564->47566 47566->47561 47567->47549 47568 7ff668f16974 47569 7ff668f169be 47568->47569 47571 7ff668f1699e 47568->47571 47591 7ff668f31f64 47569->47591 47600 7ff668f14258 17 API calls 47571->47600 47573 7ff668f169d6 47601 7ff668f16088 36 API calls 47573->47601 47574 7ff668f169c7 GetLastError 47580 7ff668f169b6 47574->47580 47576 7ff668f16a0e 47578 7ff668f16a12 47576->47578 47579 7ff668f16a25 47576->47579 47578->47580 47581 7ff668f284e8 2 API calls 47578->47581 47590 7ff668f16a3a 47579->47590 47602 7ff668f10b58 34 API calls 47579->47602 47582 7ff668e9d970 8 API calls 47580->47582 47581->47580 47583 7ff668f16a93 47582->47583 47585 7ff668f16a45 47603 7ff668f31c28 34 API calls 47585->47603 47586 7ff668f284e8 2 API calls 47586->47580 47588 7ff668f16a62 47589 7ff668f16a66 
GetLastError 47588->47589 47588->47590 47589->47590 47590->47580 47590->47586 47592 7ff668ee6c10 31 API calls 47591->47592 47594 7ff668f31f9c 47592->47594 47593 7ff668f10e4c 7 API calls 47595 7ff668f32000 47593->47595 47594->47593 47596 7ff668f32008 SetCurrentDirectoryW 47595->47596 47597 7ff668f32004 47595->47597 47596->47597 47598 7ff668f169c3 47597->47598 47599 7ff668f284e8 2 API calls 47597->47599 47598->47573 47598->47574 47599->47598 47600->47580 47601->47576 47602->47585 47603->47588

                                                Control-flow Graph

                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Process$CurrentFile$CloseHandle$ErrorLastWrite$CreateMutexView$LocalMappingOpenRelease$AllocChangeConnectDuplicateFindFreeNotificationObjectPortSingleUnmapWait
                                                • String ID: *** SendIpcMessage: ProcessID was not filled in by server$0$SendIpcMessage: *** LpcPortThread did not fill in the process ID$SendIpcMessage: NtConnectPort complete
                                                • API String ID: 1468937249-267596419
                                                • Opcode ID: 00218cc43da3fe3cd19d743074dbaeda4428c91b71f4fb89d7f8a802a7ff2764
                                                • Instruction ID: 50b100ac94d69aac8b9dabe620bd8cb6d51202b35707cac77b8953aafc228bfa
                                                • Opcode Fuzzy Hash: 00218cc43da3fe3cd19d743074dbaeda4428c91b71f4fb89d7f8a802a7ff2764
                                                • Instruction Fuzzy Hash: 5902D3326086C2D6E7719B35E4443AAB3B4FBC4784F400136E6898BA99DF7DD648CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                Similarity
                                                • API ID: Local$CriticalSection$CreateThread$AddressAllocCurrentFreeProcProcess$EnterInitializeLeavePriority$AllocateChangeCloseDuplicateErrorFindHandleLastLibraryLoadNotificationPortSemaphorelstrcpylstrlen
                                                • String ID: @$NtCreatePort succeeded
                                                • API String ID: 1730203066-1743496559
                                                • Opcode ID: 5c254da5c4c752348010c21964da783c85bd6a69d4f8ef9fdd6a73e94079e984
                                                • Instruction ID: 80aee4a90e3ba5bf804575e9cd033c78eefb47a7018382c1e1bc7dd2c20e412c
                                                • Opcode Fuzzy Hash: 5c254da5c4c752348010c21964da783c85bd6a69d4f8ef9fdd6a73e94079e984
                                                • Instruction Fuzzy Hash: AEE1E532608B85C1E7618B75E8543AAB7B0FBC8784F004536DA8D8BBA9DF7CD148CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                Similarity
                                                • API ID: Local$FreePort$Connect$AcceptAlloc$CriticalReceiveReplySectionWait$CloseCompleteCurrentEnterEventHandleLeaveProcessReleaseSemaphore
                                                • String ID: LpcPortThread: Accepting connection request$LpcPortThread: Completing connection request$LpcPortThread: Got message from client$LpcPortThread: Rejecting connection request because accepting it failed$LpcPortThread: Rejecting connection request because queue is shutting down
                                                • API String ID: 1781747597-1442112762
                                                • Opcode ID: 2a48be5a03281bbd80accd9fddf891c2884e58c8c0839889da63cb77fd44e4c3
                                                • Instruction ID: 99139b9c0b646e8216fd50c3987fe5157995af815bd2b0eaaf55d9ae1ead7868
                                                • Opcode Fuzzy Hash: 2a48be5a03281bbd80accd9fddf891c2884e58c8c0839889da63cb77fd44e4c3
                                                • Instruction Fuzzy Hash: A3E1F536608B85C2EB508B35E49436A77B0FBC5B84F504136EA8E8BBA9CF3DD445CB44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                Similarity
                                                • API ID: Initialize$DescriptorFreeSecurity$AllocateToken$DaclHandleInformationLocalProcess$AddressAllocCloseCurrentEntriesErrorLastModuleOpenProcVersion
                                                • String ID: 41#4%<fg{199U
                                                • API String ID: 390924663-644288483
                                                • Opcode ID: 922579a6069704a2c6e7ad3dce4f8d5045cf3dd50dd509437d7d75d432d1acea
                                                • Instruction ID: e3c0c0cf1c0141016b94cfa2ce9c09629d7a365740fab4469f1910b03c760ae3
                                                • Opcode Fuzzy Hash: 922579a6069704a2c6e7ad3dce4f8d5045cf3dd50dd509437d7d75d432d1acea
                                                • Instruction Fuzzy Hash: 64C1E5725086C1C6E7B08F25F4587AAB7B0FB84784F404125D68D8BA9ADF7ED148CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                Similarity
                                                • API ID: LookupPrivilegeTokenValue$InformationProcess$AllocCurrentLocalOpen
                                                • String ID: SeBackupPrivilege$SeRestorePrivilege$SeTakeOwnershipPrivilege
                                                • API String ID: 501445279-1682096087
                                                • Opcode ID: 869aad5fb0cc8b260157351f5c49fe73c44433b7bc132cc1b660c4b7f6644c4c
                                                • Instruction ID: 73783f8ff3f42bb70f8297cc82f729e532e429254fc02a9fd615281017e537f3
                                                • Opcode Fuzzy Hash: 869aad5fb0cc8b260157351f5c49fe73c44433b7bc132cc1b660c4b7f6644c4c
                                                • Instruction Fuzzy Hash: 3A611D32A08681C6DB50CB75E49072AB7B1FBD4785F505136E68E8BAA8DF3DE405CF44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                C-Code - Quality: 18%
                                                			E00007FF67FF668E963D0(long long* __rax, void* __rcx, long long __rdi, long long __rsi, long long __rbp, long long __r12, long long __r13, intOrPtr _a8, long long _a16, long long _a24, long long _a32) {
                                                				long long _v32;
                                                				long long _v40;
                                                				void* __rbx;
                                                				void* _t26;
                                                				void* _t27;
                                                				void* _t37;
                                                				intOrPtr _t38;
                                                				void* _t78;
                                                				void* _t79;
                                                				void* _t80;
                                                
                                                				_t72 = __rbp;
                                                				 *((intOrPtr*)(__rcx + 0xc34)) = 5;
                                                				LoadLibraryA(??); // executed
                                                				if (__rax == 0) goto 0x68e96555;
                                                				GetProcAddress(??, ??);
                                                				if (__rax == 0) goto 0x68e96555;
                                                				_a16 = __rbp;
                                                				_a24 = __rsi;
                                                				_a32 = __rdi;
                                                				_v32 = __r12;
                                                				_v40 = __r13;
                                                				_a8 = 0;
                                                				_t26 =  *__rax(); // executed
                                                				if (_t26 != 0x6f) goto 0x68e96545;
                                                				0x68ee0598();
                                                				if (__rax == 0) goto 0x68e96545;
                                                				_t27 =  *__rax(); // executed
                                                				if (_t27 != 0) goto 0x68e96545;
                                                				_t38 =  *((intOrPtr*)(__rcx + 0xc34));
                                                				_t70 = __rax;
                                                				if (_t38 <= 0) goto 0x68e964d4;
                                                				_t49 =  *0x68f9d5b8;
                                                				r9d =  *0x7FF668F9D5BC;
                                                				_t13 = _t49 + 0x198; // 0x198
                                                				if (E00007FF67FF668E958E0(__rax, _t13 + __rax, 0x68f9d5b8, __rax, __rbp, (0 << 4) +  *0x68f9d5b8 + 0x68f9d5b0, _t79, _t80) == 0) goto 0x68e96531;
                                                				if (1 - _t38 < 0) goto 0x68e964a0;
                                                				_t15 = _t70 + 0x198; // 0x198
                                                				 *((intOrPtr*)(__rcx + 0xc2c)) =  *((intOrPtr*)(__rax + 0x194));
                                                				r8d =  *((intOrPtr*)(__rax + 0x194));
                                                				0x68ed0c80();
                                                				E00007FF67FF668F14354(_t37, __rax, __rax, _t15, 0x7ff668f9d5c8, __rax, _t72, _t78);
                                                				FreeLibrary(??);
                                                				return 0;
                                                			}














                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Library$Free$AdaptersInfo$AddressLoadProc
                                                • String ID: GetAdaptersInfo$iphlpapi.dll
                                                • API String ID: 4217468987-3114217049
                                                • Opcode ID: 6ebf2be7112c68536d2f5ec0508014402ba50f579c707f42a86053250c0258e7
                                                • Instruction ID: d7868d8dfd3fd94f0394f4e50463bcbab60c0b9365459fad44073b58935b6857
                                                • Opcode Fuzzy Hash: 6ebf2be7112c68536d2f5ec0508014402ba50f579c707f42a86053250c0258e7
                                                • Instruction Fuzzy Hash: 06417B75A09782C2EB14DB71E44026963A0FF887D8F444836EE5D8B769DF7CE445C708
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 92%
                                                			E00007FF67FF668F0ED98(void* __ebx, void* __ecx, void* __eflags, intOrPtr* __rax, long long __rbx, signed short* __rcx, void* __r9, long long _a8, signed int _a16, signed int _a24, char _a32) {
                                                				void* __rsi;
                                                				void* _t35;
                                                				void* _t43;
                                                				void* _t44;
                                                				void* _t45;
                                                				signed int _t52;
                                                				signed short _t53;
                                                				signed int _t55;
                                                				void* _t56;
                                                				void* _t61;
                                                				void* _t64;
                                                				signed int _t83;
                                                				signed short* _t89;
                                                				void* _t96;
                                                				intOrPtr* _t110;
                                                				signed short* _t112;
                                                				signed int* _t113;
                                                				signed short* _t121;
                                                				signed short* _t126;
                                                				signed long long _t144;
                                                				signed long long _t145;
                                                				signed short* _t148;
                                                				signed short* _t149;
                                                				signed short* _t150;
                                                				signed short* _t151;
                                                				signed short* _t152;
                                                				signed short* _t153;
                                                				intOrPtr* _t154;
                                                				signed short* _t155;
                                                				void* _t163;
                                                				void* _t165;
                                                
                                                				_t163 = __r9;
                                                				_t110 = __rax;
                                                				_t64 = __ebx;
                                                				_a8 = __rbx;
                                                				_t154 = __rcx;
                                                				E00007FF67FF668F0DE20(E00007FF67FF668F0DE18(_t35));
                                                				r13d = 0;
                                                				_a16 = r13d;
                                                				_a24 = r13d;
                                                				if (E00007FF67FF668F0DE88(_t110,  &_a16) != 0) goto 0x68f0f016;
                                                				if (E00007FF67FF668F0DE28(_t110,  &_a24) != 0) goto 0x68f0f016;
                                                				_t121 =  *0x68fc65e0; // 0x0
                                                				_t89 = _t121;
                                                				if (_t89 == 0) goto 0x68f0ee1f;
                                                				r8d =  *(__rcx + _t121 - __rcx) & 0x0000ffff;
                                                				if (_t89 != 0) goto 0x68f0ee17;
                                                				_t112 =  &(__rcx[1]);
                                                				if (r8d != 0) goto 0x68f0ee01;
                                                				if (( *__rcx & 0x0000ffff) - r8d == 0) goto 0x68f0f001;
                                                				_t145 = _t144 | 0xffffffff;
                                                				if (__rcx[_t145 + 1] != r13w) goto 0x68f0ee26;
                                                				E00007FF67FF668F28480(_t112, 2 + (_t145 + 1) * 2);
                                                				if (_t112 == 0) goto 0x68f0eff9;
                                                				_t126 =  *0x68fc65e0; // 0x0
                                                				E00007FF67FF668F284E8(_t112, _t126);
                                                				 *0x68fc65e0 = _t112;
                                                				_t146 = _t145 + 1;
                                                				if ( *((intOrPtr*)(_t154 + (_t145 + 1) * 2)) != r13w) goto 0x68f0ee62;
                                                				if (E00007FF67FF668F1A0B0(_t112, _t112, _t146 + 1, _t154) != 0) goto 0x68f0f016;
                                                				r8d = 0x80;
                                                				_t43 = E00007FF67FF668ED1330(_t42, 0,  *_t110, _t146 + 1, _t154);
                                                				r8d = 0x80;
                                                				_t44 = E00007FF67FF668ED1330(_t43, 0,  *((intOrPtr*)(_t110 + 8)), _t146 + 1, _t154);
                                                				r8d = 0x40;
                                                				_t45 = E00007FF67FF668ED1330(_t44, 0,  *_t110, _t146 + 1, _t154);
                                                				r8d = 0x40;
                                                				E00007FF67FF668ED1330(_t45, 0,  *((intOrPtr*)(_t110 + 8)), _t146 + 1, _t154);
                                                				r9d = 3;
                                                				E00007FF67FF668F0ECB4(_t64, _t112, _t165, _t154,  *_t110, _t154,  *_t110, _t163);
                                                				_t96 =  *_t154 - r13w;
                                                				if (_t96 == 0) goto 0x68f0eee5;
                                                				_t155 = _t154 + 2;
                                                				_t113 = _t112 - 1;
                                                				if (_t96 != 0) goto 0x68f0eedb;
                                                				r14d =  *_t155 & 0x0000ffff;
                                                				_t17 =  &(_t113[2]); // 0xc
                                                				r8d = _t17;
                                                				_t148 =  !=  ? _t155 :  &(_t155[1]);
                                                				_a16 = E00007FF67FF668F28B8C(_t148,  &_a32) * 0xe10;
                                                				if ( *_t148 == 0x2b) goto 0x68f0ef28;
                                                				if (( *_t148 & 0x0000ffff) - 0x30 - 9 > 0) goto 0x68f0ef2e;
                                                				_t149 =  &(_t148[1]);
                                                				goto 0x68f0ef15;
                                                				if ( *_t149 != 0x3a) goto 0x68f0efb3;
                                                				_t150 =  &(_t149[1]);
                                                				r8d = 0xa;
                                                				_t52 = E00007FF67FF668F28B8C(_t150,  &_a32);
                                                				_t53 =  *_t150 & 0x0000ffff;
                                                				_a16 = _a16 + _t52 * 0x3c;
                                                				if (_t53 - 0x30 < 0) goto 0x68f0ef7a;
                                                				if ((_t53 & 0x0000ffff) - 0x39 > 0) goto 0x68f0ef7a;
                                                				_t151 =  &(_t150[1]);
                                                				_t55 =  *_t151 & 0x0000ffff;
                                                				if (_t55 - 0x30 >= 0) goto 0x68f0ef61;
                                                				if (_t55 != 0x3a) goto 0x68f0efb3;
                                                				_t152 =  &(_t151[1]);
                                                				r8d = 0xa;
                                                				_t56 = E00007FF67FF668F28B8C(_t152,  &_a32);
                                                				_t83 = _a16 + _t56;
                                                				_a16 = _t83;
                                                				goto 0x68f0efaa;
                                                				if (_t56 - 0x39 > 0) goto 0x68f0efb3;
                                                				_t153 =  &(_t152[1]);
                                                				if (( *_t153 & 0x0000ffff) - 0x30 >= 0) goto 0x68f0efa0;
                                                				if (r14w != 0x2d) goto 0x68f0efbf;
                                                				_a16 =  ~_t83;
                                                				_t28 =  *_t153 != r13w;
                                                				_a24 = r13d & 0xffffff00 | _t28;
                                                				if (_t28 == 0) goto 0x68f0efe8;
                                                				r9d = 3;
                                                				_t61 = E00007FF67FF668F0DE10(E00007FF67FF668F0ECB4(_t64, _t113, _t165, _t153,  *((intOrPtr*)(_t110 + 8)), _t155,  *((intOrPtr*)(_t110 + 8)), _t163));
                                                				 *_t113 = _a16;
                                                				E00007FF67FF668F0DE00(_t61);
                                                				 *_t113 = _a24;
                                                				return E00007FF67FF668F284E8(_t113, _t165);
                                                			}

                                                APIs
                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF668F0F288), ref: 00007FF668F0F0A3
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: InformationTimeZone
                                                • String ID: GMT Daylight Time$GMT Standard Time
                                                • API String ID: 565725191-2694882606
                                                • Opcode ID: a1951f06c5627574cf6876d27ee0e319c053a8170d2ae453e7b5f226a7e83d8c
                                                • Instruction ID: 314353f52d0c51b811b26e509e84f62f41416be622f7dce841711c5a9a9664d3
                                                • Opcode Fuzzy Hash: a1951f06c5627574cf6876d27ee0e319c053a8170d2ae453e7b5f226a7e83d8c
                                                • Instruction Fuzzy Hash: C0B1AF36B18642CAE760EF32D9611BA6771EF847D4F444135EA4DCBA86EF3CE4418788
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 85%
                                                			E00007FF67FF668F0F02C(void* __eflags, signed int* __rax, long long __rbx, void* __rdx, void* __r8, signed int _a8, signed int _a16, signed int _a24, long long _a32) {
                                                				void* __rsi;
                                                				void* _t21;
                                                				void* _t22;
                                                				long _t28;
                                                				intOrPtr _t31;
                                                				void* _t33;
                                                				void* _t34;
                                                				void* _t35;
                                                				void* _t37;
                                                				void* _t40;
                                                				void* _t41;
                                                				void* _t42;
                                                				signed int _t44;
                                                				signed int _t53;
                                                				intOrPtr _t63;
                                                				intOrPtr _t64;
                                                				signed int* _t67;
                                                				long long _t73;
                                                				void* _t90;
                                                				void* _t93;
                                                
                                                				_t90 = __r8;
                                                				_t68 = __rbx;
                                                				_t67 = __rax;
                                                				_a32 = __rbx;
                                                				_t22 = E00007FF67FF668F0DE18(_t21);
                                                				_t84 = _t67;
                                                				E00007FF67FF668F0DE20(_t22);
                                                				_a8 = 0;
                                                				_t85 = _t67;
                                                				_a16 = 0;
                                                				_a24 = 0;
                                                				if (E00007FF67FF668F0DE88(_t67,  &_a8) != 0) goto 0x68f0f19f;
                                                				if (E00007FF67FF668F0DE28(_t67,  &_a16) != 0) goto 0x68f0f19f;
                                                				if (E00007FF67FF668F0DE58(_t67,  &_a24) != 0) goto 0x68f0f19f;
                                                				_t73 =  *0x68fc65e0; // 0x0
                                                				E00007FF67FF668F284E8(_t67, _t73);
                                                				 *0x68fc65e0 = __rbx; // executed
                                                				_t28 = GetTimeZoneInformation(??); // executed
                                                				if (_t28 == 0xffffffff) goto 0x68f0f174;
                                                				_t53 =  *0x68fc6600 * 0x3c;
                                                				_t8 = _t68 + 1; // 0x1
                                                				_t63 =  *0x68fc6646; // 0xa
                                                				r8d =  *0x68fc6654; // 0x0
                                                				 *0x68fc65f0 = _t8;
                                                				_a8 = _t53;
                                                				if (_t63 == 0) goto 0x68f0f0de;
                                                				_a8 = r8d * 0x3c + _t53;
                                                				_t64 =  *0x68fc669a; // 0x3
                                                				if (_t64 == 0) goto 0x68f0f0f9;
                                                				_t31 =  *0x68fc66a8; // 0xffffffc4
                                                				if (_t31 == 0) goto 0x68f0f0f9;
                                                				_t44 = (_t31 - r8d) * 0x3c;
                                                				goto 0x68f0f0fb;
                                                				_a24 = _t44;
                                                				_a16 = _t44;
                                                				r8d = 0x80;
                                                				_t33 = E00007FF67FF668ED1330(_t31 - r8d, 0,  *_t67, __rdx, _t90);
                                                				r8d = 0x80;
                                                				_t34 = E00007FF67FF668ED1330(_t33, 0, _t67[2], __rdx, _t90);
                                                				r8d = 0x40;
                                                				_t35 = E00007FF67FF668ED1330(_t34, 0,  *_t67, __rdx, _t90);
                                                				r8d = 0x40;
                                                				E00007FF67FF668ED1330(_t35, 0, _t67[2], __rdx, _t90);
                                                				_t37 = E00007FF67FF668F20448(_t67);
                                                				r9d = _t37;
                                                				E00007FF67FF668F0F2BC(__rbx, 0x68fc6604,  *_t67, _t85,  *_t67, _t93);
                                                				r9d = _t37;
                                                				_t40 = E00007FF67FF668F0DE10(E00007FF67FF668F0F2BC(_t68, 0x68fc6658, _t85[2], _t85, _t84[2], _t93));
                                                				 *_t67 = _a8;
                                                				_t41 = E00007FF67FF668F0DE00(_t40);
                                                				 *_t67 = _a16;
                                                				_t42 = E00007FF67FF668F0DE08(_t41);
                                                				 *_t67 = _a24;
                                                				return _t42;
                                                			}

                                                APIs
                                                  • Part of subcall function 00007FF668F284E8: HeapFree.KERNEL32(?,?,?,00007FF668F3A138,?,?,?,00007FF668F3A55B,?,?,?,00007FF668F3ACF4,?,?,?,00007FF668F3AC27), ref: 00007FF668F284FE
                                                  • Part of subcall function 00007FF668F284E8: GetLastError.KERNEL32(?,?,?,00007FF668F3A138,?,?,?,00007FF668F3A55B,?,?,?,00007FF668F3ACF4,?,?,?,00007FF668F3AC27), ref: 00007FF668F28510
                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF668F0F288), ref: 00007FF668F0F0A3
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: ErrorFreeHeapInformationLastTimeZone
                                                • String ID: GMT Daylight Time$GMT Standard Time
                                                • API String ID: 3335090040-2694882606
                                                • Opcode ID: 49698f6b3f580a54e06ccf3a22910a659152a5fd7cfb6307fa4a730a7c236f6a
                                                • Instruction ID: 13557c42f478475fc55590d07e7e88fa715e20930ce6c53a00681c09cd186c8e
                                                • Opcode Fuzzy Hash: 49698f6b3f580a54e06ccf3a22910a659152a5fd7cfb6307fa4a730a7c236f6a
                                                • Instruction Fuzzy Hash: 09617F32A18642CAE760EF31E9915BA6770FF487C4F444139EA4DCBA96DF3CE4418788
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: InfoSystem$NativeVersion$AddressHandleModuleProc
                                                • String ID: 32bit$ 64bit$%s (Build %d)$003 $003 $008 $012 $10 $2000$2000 $8.1 $GetNativeSystemInfo$GetProductInfo$S10TP$S2003 $S2008$S2012$Vista$Vista $Win10$Win7$Win8$Win8.1$Windows$XP $XP 64$ion $ion $kernel32.dll$on $on $onal $tems $tems $tion $tion $ver
                                                • API String ID: 2282870941-2004042463
                                                • Opcode ID: dd701324b85140d45c7b4cd34103eaf87e73d30d425c6299aabed9904fc47a90
                                                • Instruction ID: 5c32ac39cc71bb40939cd7a388fb6834f190540ea5ca2687e939277926b5e06f
                                                • Opcode Fuzzy Hash: dd701324b85140d45c7b4cd34103eaf87e73d30d425c6299aabed9904fc47a90
                                                • Instruction Fuzzy Hash: 3892293290D782D6EB11CF38C4403B87BB1EF66748F58C122D64D8A1A1EF7EA58AC755
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 45%
                                                			E00007FF67FF668DD9B50(signed int __ecx, long long __rdx, signed int _a8, void* _a16, long long _a24, intOrPtr _a32, long long* _a40, long long _a48) {
                                                				long long _v24;
                                                				char _v296;
                                                				char _v568;
                                                				char _v592;
                                                				int _v600;
                                                				char _v952;
                                                				char _v976;
                                                				signed int _v984;
                                                				intOrPtr _v992;
                                                				intOrPtr _v1000;
                                                				long long _v1008;
                                                				long long _v1016;
                                                				void* _t232;
                                                				long long _t338;
                                                				long long _t340;
                                                				long long _t342;
                                                				long long _t344;
                                                				long long _t351;
                                                				long long _t357;
                                                				long long _t361;
                                                				long long _t363;
                                                				long long _t370;
                                                				long long _t372;
                                                				void* _t466;
                                                
                                                				_t291 = __ecx;
                                                				_a32 = r9d;
                                                				_a24 = r8d;
                                                				_a16 = __rdx;
                                                				_a8 = __ecx;
                                                				_v984 = 0;
                                                				if (_a16 == 0) goto 0x68dd9b89;
                                                				if ( *_a16 != 0) goto 0x68dd9b90;
                                                				goto 0x68dda386;
                                                				if ( *((intOrPtr*)(_a40 + 0x10)) <= 0) goto 0x68dda33e;
                                                				r8d = 0x10;
                                                				E00007FF67FF668DDD8D0(0x68f5ce18,  &_v976);
                                                				if (_a32 == 0) goto 0x68dd9c03;
                                                				_v1000 = _a32;
                                                				_v1008 = _a24;
                                                				_v1016 =  &_v976;
                                                				E00007FF67FF668E9CB24(__ecx,  &_v976,  &_v952,  &_v976, "%s%s%d$%x", _a16);
                                                				goto 0x68dd9c36;
                                                				_v1008 = _a24;
                                                				_v1016 =  &_v976;
                                                				_t468 = "%s%s%d";
                                                				E00007FF67FF668E9CB24(__ecx,  &_v976,  &_v952,  &_v976, "%s%s%d", _a16);
                                                				_v600 = lstrlenA(??);
                                                				if ((_a8 & 0x000000ff) == 0) goto 0x68dd9d57;
                                                				E00007FF67FF668DD7FE0(_a8 & 0x000000ff, L"InitIpcAnswer: Creating Answer file mapping.  name=%S\n",  &_v952, "%s%s%d", _a16);
                                                				r8d = 8;
                                                				E00007FF67FF668DDD8D0(0x68f5cd8c, _t466 + _v600 + 0x60);
                                                				r9d = 0;
                                                				r8d = 1;
                                                				_t338 = _a40;
                                                				E00007FF67FF668DE6950(__ecx,  *((intOrPtr*)(_t338 + 0x10)), _t338,  &_v952, "%s%s%d"); // executed
                                                				 *_a40 = _t338;
                                                				_t340 = _t466 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF668DDD8D0(0x68f5ce04, _t340);
                                                				lstrcatA(??, ??);
                                                				r8d = 0;
                                                				E00007FF67FF668DE6FD0(__ecx, 0,  &_v952, "%s%s%d");
                                                				 *((long long*)(_a40 + 0x18)) = _t340;
                                                				_t342 = _t466 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF668DDD8D0(0x68f5ce04, _t342);
                                                				lstrcatA(??, ??);
                                                				r8d = 0;
                                                				_t232 = E00007FF67FF668DE6FD0(_t291, 0,  &_v952, "%s%s%d");
                                                				 *((long long*)(_a40 + 0x20)) = _t342;
                                                				goto 0x68dda267;
                                                				E00007FF67FF668DD7FE0(_t232, L"InitIpcAnswer: Opening existing answer file mapping.  name=%S\n",  &_v952, _t468, _a16);
                                                				r8d = 0x10;
                                                				E00007FF67FF668DDD8D0(0x68f5cdf0,  &_v592);
                                                				_v1016 = _a48;
                                                				E00007FF67FF668E9CB24(_t291, _t342,  &_v568,  &_v592, "%s%d\\",  &_v592);
                                                				_t344 = _t466 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF668DDD8D0(0x68f5cd8c, _t344);
                                                				E00007FF67FF668DE6F70(1,  &_v952); // executed
                                                				 *_a40 = _t344;
                                                				if ( *_a40 != 0) goto 0x68dda083;
                                                				if (_a32 == 0) goto 0x68dd9e53;
                                                				_v992 = _a32;
                                                				_v1000 = _a24;
                                                				_v1008 =  &_v976;
                                                				_v1016 = _a16;
                                                				E00007FF67FF668E9CB24(_t291, _a16,  &_v952, _t344, "%s%s%s%d$%x",  &_v568);
                                                				goto 0x68dd9e93;
                                                				_v1000 = _a24;
                                                				_v1008 =  &_v976;
                                                				_v1016 = _a16;
                                                				E00007FF67FF668E9CB24(_t291, _a16,  &_v952, _t344, "%s%s%s%d",  &_v568);
                                                				_v600 = lstrlenA(??);
                                                				_t351 = _t466 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF668DDD8D0(0x68f5cd8c, _t351);
                                                				E00007FF67FF668DE6F70(1,  &_v952); // executed
                                                				 *_a40 = _t351;
                                                				if ( *_a40 != 0) goto 0x68dd9ff4;
                                                				E00007FF67FF668DE6620();
                                                				if (0 == 0) goto 0x68dd9ff4;
                                                				_t292 = _a32;
                                                				E00007FF67FF668DD9990(_a32, _a40,  &_v296); // executed
                                                				if (0 == 0) goto 0x68dd9ff4;
                                                				_v1008 =  &_v296;
                                                				_v1016 = _a48;
                                                				E00007FF67FF668E9CB24(_a32,  &_v296,  &_v568,  &_v296, "%s%d\\%s\\",  &_v592);
                                                				_v992 = _a32;
                                                				_v1000 = _a24;
                                                				_v1008 =  &_v976;
                                                				_v1016 = _a16;
                                                				E00007FF67FF668E9CB24(_a32, _a16,  &_v952,  &_v296, "%s%s%s%d$%x",  &_v568);
                                                				_v600 = lstrlenA(??);
                                                				_t357 = _t466 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF668DDD8D0(0x68f5cd8c, _t357);
                                                				E00007FF67FF668DE6F70(1,  &_v952); // executed
                                                				 *_a40 = _t357;
                                                				if (_a32 == 0) goto 0x68dda03e;
                                                				_v1000 = _a32;
                                                				_v1008 = _a24;
                                                				_v1016 =  &_v976;
                                                				E00007FF67FF668E9CB24(_a32,  &_v976,  &_v952, _t357, "%s%s%d$%x", _a16);
                                                				goto 0x68dda071;
                                                				_v1008 = _a24;
                                                				_v1016 =  &_v976;
                                                				E00007FF67FF668E9CB24(_a32,  &_v976,  &_v952, _t357, "%s%s%d", _a16);
                                                				_v600 = lstrlenA(??);
                                                				_t361 = _t466 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF668DDD8D0(0x68f5ce04, _t361);
                                                				lstrcatA(??, ??);
                                                				E00007FF67FF668DE7130(_t292, 0x15e,  &_v952, "%s%s%d");
                                                				 *((long long*)(_a40 + 0x18)) = _t361;
                                                				_t363 = _t466 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF668DDD8D0(0x68f5ce04, _t363);
                                                				lstrcatA(??, ??);
                                                				E00007FF67FF668DE7130(_t292, 0x15e,  &_v952, "%s%s%d");
                                                				 *((long long*)(_a40 + 0x20)) = _t363;
                                                				if ( *((long long*)(_a40 + 0x18)) != 0) goto 0x68dda267;
                                                				if (_a32 == 0) goto 0x68dda181;
                                                				_v992 = _a32;
                                                				_v1000 = _a24;
                                                				_v1008 =  &_v976;
                                                				_v1016 = _a16;
                                                				E00007FF67FF668E9CB24(_t292, _a16,  &_v952, "2", "%s%s%s%d$%x",  &_v568);
                                                				goto 0x68dda1c1;
                                                				_v1000 = _a24;
                                                				_v1008 =  &_v976;
                                                				_v1016 = _a16;
                                                				E00007FF67FF668E9CB24(_t292, _a16,  &_v952, "2", "%s%s%s%d",  &_v568);
                                                				_v600 = lstrlenA(??);
                                                				_t370 = _t466 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF668DDD8D0(0x68f5ce04, _t370);
                                                				lstrcatA(??, ??);
                                                				E00007FF67FF668DE7130(_t292, 0x15e,  &_v952, "%s%s%s%d");
                                                				 *((long long*)(_a40 + 0x18)) = _t370;
                                                				_t372 = _t466 + _v600 + 0x60;
                                                				r8d = 8;
                                                				E00007FF67FF668DDD8D0(0x68f5ce04, _t372);
                                                				lstrcatA(??, ??);
                                                				E00007FF67FF668DE7130(_t292, 0x15e,  &_v952, "%s%s%s%d");
                                                				 *((long long*)(_a40 + 0x20)) = _t372;
                                                				if ( *_a40 == 0) goto 0x68dda2a6;
                                                				_v1016 = 0;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				MapViewOfFile(??, ??, ??, ??, ??); // executed
                                                				 *((long long*)(_a40 + 8)) = _a40;
                                                				if ( *((long long*)(_a40 + 0x18)) == 0) goto 0x68dda2e0;
                                                				if ( *((long long*)(_a40 + 0x20)) == 0) goto 0x68dda2e0;
                                                				if ( *((long long*)(_a40 + 8)) == 0) goto 0x68dda2e0;
                                                				_v24 = 1;
                                                				goto 0x68dda2eb;
                                                				_v24 = 0;
                                                				_v984 = 0;
                                                				if ((_v984 & 0x000000ff) == 0) goto 0x68dda32f;
                                                				if ((_a8 & 0x000000ff) == 0) goto 0x68dda32d;
                                                				E00007FF67FF668ED1330( *((intOrPtr*)(_a40 + 0x10)), 0,  *((intOrPtr*)(_a40 + 8)), "2", _a40);
                                                				goto 0x68dda33c;
                                                				E00007FF67FF668DDA390(_a40);
                                                				goto 0x68dda382;
                                                				 *_a40 = 0;
                                                				 *((long long*)(_a40 + 8)) = 0;
                                                				 *((long long*)(_a40 + 0x18)) = 0;
                                                				 *((long long*)(_a40 + 0x20)) = 0;
                                                				_v984 = 1;
                                                				return _v984;
                                                			}



























                                                0x7ff668dda328
                                                0x7ff668dda32d
                                                0x7ff668dda337
                                                0x7ff668dda33c
                                                0x7ff668dda346
                                                0x7ff668dda355
                                                0x7ff668dda365
                                                0x7ff668dda375
                                                0x7ff668dda37d
                                                0x7ff668dda38d

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: lstrcat$lstrlen$ErrorLast$CloseHandle$FileView$Unmap
                                                • String ID: %s%d\$%s%d\%s\$%s%s%d$%s%s%d$%x$%s%s%s%d$%s%s%s%d$%x$InitIpcAnswer: Creating Answer file mapping. name=%S$InitIpcAnswer: Opening existing answer file mapping. name=%S
                                                • API String ID: 3776462660-1343440147
                                                • Opcode ID: a77844890bcd0c174544e17d3be48501995c0a2a553506158a35668cc725925f
                                                • Instruction ID: c34ed575058d9e8bcbad5542714a1c5997940b7f665d2c01a27c9cc94d7090a7
                                                • Opcode Fuzzy Hash: a77844890bcd0c174544e17d3be48501995c0a2a553506158a35668cc725925f
                                                • Instruction Fuzzy Hash: A5220C72619B85D5EB20DB35E4403AAB7B0FB84344F804136E68D8BB69DF3DD548CB58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CreateCriticalEventSection$AllocEnterLeaveLocalObjectSingleThreadWait
                                                • String ID: Dispatch thread: Removing idle thread from worker pool
                                                • API String ID: 3859977208-3158692423
                                                • Opcode ID: 7d59c1f4d3895bd0bd333589b4f75440f54afd6977aba81e33d57fad430b6780
                                                • Instruction ID: f4d7c36ea6257fb7cd9012d7a85bc49e60b23630d72d3028055fd98a5da2551f
                                                • Opcode Fuzzy Hash: 7d59c1f4d3895bd0bd333589b4f75440f54afd6977aba81e33d57fad430b6780
                                                • Instruction Fuzzy Hash: FBC1C836618B85C6DB60CB6AE48436EB7B0FBC8B84F105526DA8D87768CF3DD449CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Free$AddressProc$AllocateInitializeLibraryLocal$Load
                                                • String ID: 41#4%<fg{199U
                                                • API String ID: 2943476830-644288483
                                                • Opcode ID: 70781ce6cd9d3f61ba4326bef274ed2bac387456112f7569cec5e8808cd91c58
                                                • Instruction ID: b771b9c1115e5dfe67999a3e741d8240e2b29e7313fbbe2fdfcc97df729041f7
                                                • Opcode Fuzzy Hash: 70781ce6cd9d3f61ba4326bef274ed2bac387456112f7569cec5e8808cd91c58
                                                • Instruction Fuzzy Hash: F1A1C372618AC1D6E7B08F21E49479AB7B0FB84784F004129D6CD8BAA9DF7DD548CF44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                C-Code - Quality: 21%
                                                			E00007FF67FF668DDA5D0(long long __rax) {
                                                				long long _v16;
                                                				long long _v24;
                                                				long long _v32;
                                                				long long _v40;
                                                				long long _v48;
                                                				long long _v56;
                                                				intOrPtr _v64;
                                                				long long _v72;
                                                				long long _v80;
                                                				char _v120;
                                                				char _v136;
                                                				char _v144;
                                                				char _v160;
                                                				char _v200;
                                                				long long _v208;
                                                				long long _v216;
                                                				void* _t44;
                                                				long long _t86;
                                                				intOrPtr* _t87;
                                                				intOrPtr _t110;
                                                
                                                				_t86 = __rax;
                                                				if ( *0x68fc5618 != 0) goto 0x68dda84d;
                                                				E00007FF67FF668DDE080(E00007FF67FF668DDE080(_t44,  &_v200),  &_v120);
                                                				r8d = 8;
                                                				E00007FF67FF668DDD8D0(0x68f5cdfc,  &_v144);
                                                				_v56 = _t86;
                                                				_v48 = GetCurrentProcessId();
                                                				r8d = 0x10;
                                                				E00007FF67FF668DDD8D0(0x68f5ce24,  &_v160);
                                                				_v40 = _t86;
                                                				r8d = 0x10;
                                                				E00007FF67FF668DDD8D0(0x68f5ce0c,  &_v136);
                                                				_v208 = _v56;
                                                				_v216 = _v48;
                                                				E00007FF67FF668DDF640(E00007FF67FF668DDF490( &_v200, L"%S%S$%x%S", _t86, _v40),  &_v200);
                                                				CreateMutexW(??, ??, ??); // executed
                                                				_v80 = _t86;
                                                				if (_v80 == 0) goto 0x68dda836;
                                                				WaitForSingleObject(??, ??);
                                                				_v32 = GetCurrentProcessId();
                                                				r8d = 0x10;
                                                				E00007FF67FF668DDD8D0(0x68f5ce24,  &_v160);
                                                				_v24 = _t86;
                                                				r8d = 0x10;
                                                				E00007FF67FF668DDD8D0(0x68f5ce0c,  &_v136);
                                                				_v216 = _v32;
                                                				E00007FF67FF668DDF640(E00007FF67FF668DDF490( &_v120, L"%S%S$%x", _t86, _v24),  &_v120);
                                                				_v208 = _t86;
                                                				_v216 = 4;
                                                				r9d = 0;
                                                				r8d = 4;
                                                				CreateFileMappingW(??, ??, ??, ??, ??, ??); // executed
                                                				_v72 = _t86;
                                                				if (_v72 == 0) goto 0x68dda81a;
                                                				if (GetLastError() == 0xb7) goto 0x68dda7a9;
                                                				_v16 = 1;
                                                				goto 0x68dda7b4;
                                                				_v16 = 0;
                                                				_v64 = _v16;
                                                				_v216 = 0;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				MapViewOfFile(??, ??, ??, ??, ??); // executed
                                                				 *0x68fc5618 = _t86;
                                                				if (_v64 == 0) goto 0x68dda80c;
                                                				if ( *0x68fc5618 == 0) goto 0x68dda80c;
                                                				_t87 =  *0x68fc5618; // 0x2253f940000
                                                				 *_t87 = 0;
                                                				FindCloseChangeNotification(??); // executed
                                                				ReleaseMutex(??);
                                                				CloseHandle(??);
                                                				E00007FF67FF668DDE460( &_v120);
                                                				E00007FF67FF668DDE460( &_v200);
                                                				if ( *0x68fc5618 == 0) goto 0x68dda867;
                                                				_t110 =  *0x68fc5618; // 0x2253f940000
                                                				E00007FF67FF668DDA880(_t110);
                                                				goto 0x68dda869;
                                                				return 0;
                                                			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CloseCreateCurrentFileMutexProcess$ChangeErrorFindHandleLastMappingNotificationObjectReleaseSingleViewWait
                                                • String ID: %S%S$%x$%S%S$%x%S
                                                • API String ID: 1868983480-81248443
                                                • Opcode ID: 1aee1f823dce3be5c686984bc740502b8bc8446c281f2855fe24a21cb27572de
                                                • Instruction ID: 4322cc52e08ee4a01c409a0438beaa1f3f099058ff803e63124d03cabae86ed6
                                                • Opcode Fuzzy Hash: 1aee1f823dce3be5c686984bc740502b8bc8446c281f2855fe24a21cb27572de
                                                • Instruction Fuzzy Hash: 8D61FA31A18A82D2E760DB30E4447AA6370FF84794F408236D58E8BAA5DF7CD548CB59
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CloseHandleLocalOpenProcess$AddressAllocChangeContainerFindFreeModuleNamedNotificationObjectPathProcToken
                                                • String ID: GetAppContainerNamedObjectPath$kernelbase.dll
                                                • API String ID: 2961208496-3458540933
                                                • Opcode ID: 74a11f496d0f8fc8468f624b53228d9506efc05de08c0337b81540f98b338382
                                                • Instruction ID: 41985d047a4b8b153a7d29d4d33237ff4e1a9c0ac47da03b83ee6899d815c9a5
                                                • Opcode Fuzzy Hash: 74a11f496d0f8fc8468f624b53228d9506efc05de08c0337b81540f98b338382
                                                • Instruction Fuzzy Hash: F141E931A1CA86C1E7609B75E4583AAA7B0FFC5784F404235DA8E8B7A9DF3DD448CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: htonl
                                                • String ID:
                                                • API String ID: 2009864989-0
                                                • Opcode ID: 471a6efb0f4ee218f46eb07636cc69f771bc947363cd053ad18a130205095da5
                                                • Instruction ID: b11134c5088e0db5f6e7a7152a64ede144a6557221da71d6f2da0b9d0ab9cd3a
                                                • Opcode Fuzzy Hash: 471a6efb0f4ee218f46eb07636cc69f771bc947363cd053ad18a130205095da5
                                                • Instruction Fuzzy Hash: 7B511A76A08282DBEB14AFB5D2911BD7771FF54780F405036EB898B685DF78E4A1CB08
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: %4s%04hd%04hd%08d%08d%08d$lcd&
                                                • API String ID: 0-279038762
                                                • Opcode ID: 1491a448b6b83c5a35cf9c1f1f0357b63292ff05a73aca9024171472601ea632
                                                • Instruction ID: a1c972075257d9f31f6d57a4a50b1a04c2c37dc00bce5dc4297c51c271f5c29b
                                                • Opcode Fuzzy Hash: 1491a448b6b83c5a35cf9c1f1f0357b63292ff05a73aca9024171472601ea632
                                                • Instruction Fuzzy Hash: FBC12B22B08742C6EB54DBF1D0502BC63B1EF55B88F405136EE8D9BB8ADE7CE4458749
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                • LoadLibraryA.KERNEL32(?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06B3D
                                                • GetProcAddress.KERNEL32(?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06B5E
                                                • CoTaskMemFree.OLE32(?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06B98
                                                • GetProcAddress.KERNEL32(?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06C77
                                                • SHGetPathFromIDListA.SHELL32(?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06CB2
                                                • SHGetMalloc.SHELL32(?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06CCA
                                                  • Part of subcall function 00007FF668E06D80: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,00000000,00007FF668E06B93,?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06DDB
                                                  • Part of subcall function 00007FF668E06D80: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,00000000,00007FF668E06B93,?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06E07
                                                • FreeLibrary.KERNEL32(?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06CE7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: AddressByteCharFreeLibraryMultiProcWide$FromListLoadMallocPathTask
                                                • String ID: SHGetKnownFolderPath$SHGetSpecialFolderPathA$shell32.dll
                                                • API String ID: 2053887120-2979111280
                                                • Opcode ID: 95ebe8afa48a5ad123524d5a1db794af6f40ff7374569eabd97b57f26d3f9430
                                                • Instruction ID: 8690156673a457e812f327965b92d6a61e7beb022eea910c4d6115d3d4021ed7
                                                • Opcode Fuzzy Hash: 95ebe8afa48a5ad123524d5a1db794af6f40ff7374569eabd97b57f26d3f9430
                                                • Instruction Fuzzy Hash: FC513D32B08B06D1EB109B76E88027963B1EF95B94F444832EA0D8F775CE7CE895C759
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$Token$InformationLocal$AllocCloseFreeHandleOpenProcess
                                                • String ID:
                                                • API String ID: 1603393945-0
                                                • Opcode ID: b48f7d3b9f3b57e5c9fe93ab85e27d1f234972dfe33d89ee2fcd8dd63abcd9c1
                                                • Instruction ID: 10814d5e516a51c5a2b2e8b34d671317b2a0526f56097a8a131ed053f78fe204
                                                • Opcode Fuzzy Hash: b48f7d3b9f3b57e5c9fe93ab85e27d1f234972dfe33d89ee2fcd8dd63abcd9c1
                                                • Instruction Fuzzy Hash: 4D31C332618A41C6E6508BB5E44472EA7B0FFC4B94F505036EA9EC7B66DFBCE448CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CloseCriticalFreeHandleLocalSection$CountEnterEventLeaveObjectReleaseSemaphoreSingleTickWait
                                                • String ID:
                                                • API String ID: 171361178-0
                                                • Opcode ID: c79578270a447eaf7a1279089145a49caf00512a62228acb0a381b216ba3d22b
                                                • Instruction ID: b1743b5051b6629628ceb040d1d91b9daac9018998e96c6b90e2c50a4e7c71f8
                                                • Opcode Fuzzy Hash: c79578270a447eaf7a1279089145a49caf00512a62228acb0a381b216ba3d22b
                                                • Instruction Fuzzy Hash: FB51C676A08B89C2DB008F2AE48425E77B1FBC9F94F110522EE4D87765CF38E485CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 41%
                                                			E00007FF67FF668DE6D90(void* __ecx, intOrPtr __edx, long long __rax, long long __rcx, void* __r8, void* __r9, long long _a8, intOrPtr _a16, intOrPtr _a24) {
                                                				long _v16;
                                                				char _v56;
                                                				char _v64;
                                                				char _v104;
                                                				long long _v112;
                                                				intOrPtr _v120;
                                                				void* _t48;
                                                				long long _t66;
                                                
                                                				_t82 = __r8;
                                                				_t66 = __rax;
                                                				_t54 = __edx;
                                                				_a24 = r8d;
                                                				_a16 = __edx;
                                                				_a8 = __rcx;
                                                				_v112 = 0;
                                                				_v120 = 0;
                                                				if (_a16 == 0) goto 0x68de6dca;
                                                				_v120 = 0xf001f;
                                                				goto 0x68de6dd2;
                                                				_v120 = 4;
                                                				if (_a24 == 0) goto 0x68de6e3f;
                                                				r8d = 8;
                                                				E00007FF67FF668DDD8D0(0x68f5e250,  &_v64);
                                                				r8d = 0;
                                                				E00007FF67FF668DDE210(__ecx, __edx,  &_v104,  &_v64, __r8);
                                                				E00007FF67FF668DDF640(E00007FF67FF668DDF130(__ecx, _t54,  &_v104, _a8, _t82),  &_v104);
                                                				OpenFileMappingW(??, ??, ??); // executed
                                                				_v112 = _t66;
                                                				E00007FF67FF668DDE460( &_v104);
                                                				if (_v112 != 0) goto 0x68de6e94;
                                                				if (_a24 == 0) goto 0x68de6e57;
                                                				GetLastError();
                                                				r8d = 0;
                                                				E00007FF67FF668DDF640(E00007FF67FF668DDE210(_v120, 0,  &_v56, _a8, _t66),  &_v56);
                                                				OpenFileMappingW(??, ??, ??); // executed
                                                				_v112 = _t66;
                                                				E00007FF67FF668DDE460( &_v56);
                                                				if (_v112 != 0) goto 0x68de6ef0;
                                                				if (GetLastError() == 5) goto 0x68de6eb2;
                                                				if (GetLastError() != 6) goto 0x68de6ef0;
                                                				_v16 = GetLastError();
                                                				_t48 = E00007FF67FF668DE6AE0(GetLastError() - 6, _t66, _a8, _a8);
                                                				_v112 = _t66;
                                                				if (_v112 == 0) goto 0x68de6ee3;
                                                				SetLastError(??);
                                                				goto 0x68de6ef0;
                                                				SetLastError(??);
                                                				return _t48;
                                                			}












                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$FileMappingOpen
                                                • String ID:
                                                • API String ID: 3574041349-0
                                                • Opcode ID: b8a13fa10ca18c1ef034bf41a54e06d6f1f9cd658580162f24241f160b9e5c31
                                                • Instruction ID: 5b9717f547ea0aa525119c4037956306b6a93d8be221a2d13829da48ac112982
                                                • Opcode Fuzzy Hash: b8a13fa10ca18c1ef034bf41a54e06d6f1f9cd658580162f24241f160b9e5c31
                                                • Instruction Fuzzy Hash: C341FA3291C686C6EA709B74E44436EB7B1FF84784F405635E38D8A9AADF3CD548CB18
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • LoadLibraryA.KERNEL32(?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06B3D
                                                • GetProcAddress.KERNEL32(?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06B5E
                                                • CoTaskMemFree.OLE32(?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06B98
                                                • GetProcAddress.KERNEL32(?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06C77
                                                • SHGetPathFromIDListA.SHELL32(?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06CB2
                                                • SHGetMalloc.SHELL32(?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06CCA
                                                  • Part of subcall function 00007FF668E06D80: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,00000000,00007FF668E06B93,?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06DDB
                                                  • Part of subcall function 00007FF668E06D80: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,00000000,00007FF668E06B93,?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06E07
                                                • FreeLibrary.KERNEL32(?,?,?,00007FF668E014C4,?,00007FF668E00690), ref: 00007FF668E06CE7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: AddressByteCharFreeLibraryMultiProcWide$FromListLoadMallocPathTask
                                                • String ID: SHGetKnownFolderPath$shell32.dll
                                                • API String ID: 2053887120-2936008475
                                                • Opcode ID: 06ed3de4797366f5a3ad8a3ea99a71ffd2e5c1c9530a4abb40b8a92d23913f21
                                                • Instruction ID: e251c7c6495296df933649292548bd56e2a9a7c91eadc5c7475f67bcb865212d
                                                • Opcode Fuzzy Hash: 06ed3de4797366f5a3ad8a3ea99a71ffd2e5c1c9530a4abb40b8a92d23913f21
                                                • Instruction Fuzzy Hash: 2F117332B08B12C1EA04DB72A850179A7B0AFC9BD0F484432EE4D8BB65DF3CE195C744
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 21%
                                                			E00007FF67FF668F329FC(void* __ebx, signed int __ecx, intOrPtr* __rax, long long __rbx, long long __rdx, long long __r9, char _a8, long long _a16, long long _a24, intOrPtr _a32) {
                                                				void* _v72;
                                                				long long _v80;
                                                				signed int _v88;
                                                				long long _v96;
                                                				void* _v104;
                                                				unsigned long long _v120;
                                                				void* _t121;
                                                				signed char _t125;
                                                				void* _t134;
                                                				char _t136;
                                                				int _t145;
                                                				void* _t146;
                                                				void* _t149;
                                                				char _t160;
                                                				char _t161;
                                                				signed int _t165;
                                                				void* _t188;
                                                				void* _t189;
                                                				void* _t190;
                                                				unsigned int _t192;
                                                				void* _t195;
                                                				long long _t200;
                                                				long long _t236;
                                                				signed long long _t243;
                                                				signed short* _t247;
                                                				intOrPtr* _t249;
                                                				char* _t252;
                                                				intOrPtr _t257;
                                                				signed long long _t270;
                                                				void* _t272;
                                                				unsigned long long _t277;
                                                				signed long long _t283;
                                                				unsigned long long _t284;
                                                				signed short* _t286;
                                                				signed short* _t292;
                                                				signed short* _t294;
                                                				unsigned long long _t297;
                                                				signed long long _t298;
                                                				char* _t300;
                                                				char* _t301;
                                                				char* _t302;
                                                
                                                				_a24 = __rbx;
                                                				_a16 = __rdx;
                                                				r13d = r8d;
                                                				if (r12d != 0xfffffffe) goto 0x68f32a3d;
                                                				E00007FF67FF668F18A10(_t121, __rax);
                                                				 *__rax = 0;
                                                				0x68f18a30();
                                                				 *__rax = 9;
                                                				goto 0x68f32e37;
                                                				if (__ecx < 0) goto 0x68f32e20;
                                                				_t195 = r12d -  *0x68fc7730; // 0x40
                                                				if (_t195 >= 0) goto 0x68f32e20;
                                                				_t3 = _t277 + 1; // 0x1
                                                				r9d = _t3;
                                                				_v80 = __r9;
                                                				_t282 = __ecx >> 6;
                                                				_v88 = __ecx >> 6;
                                                				_t298 = __ecx + __ecx * 8;
                                                				if ((r9b &  *(0x68fc7330 + 0x38 + _t298 * 8)) == 0) goto 0x68f32e20;
                                                				if (r13d - 0x7fffffff <= 0) goto 0x68f32aac;
                                                				_t125 = E00007FF67FF668F18A10( *(0x68fc7330 + 0x38 + _t298 * 8), __ecx);
                                                				 *__ecx = 0;
                                                				0x68f18a30();
                                                				 *__ecx = 0x16;
                                                				goto 0x68f32e32;
                                                				if (r13d == 0) goto 0x68f32e1c;
                                                				if ((_t125 & 0x00000002) != 0) goto 0x68f32e1c;
                                                				_t200 = __rdx;
                                                				if (_t200 == 0) goto 0x68f32a95;
                                                				r11d =  *((char*)(0x68fc7330 + 0x39 + _t298 * 8));
                                                				_t236 =  *((intOrPtr*)(0x68fc7330 + 0x28 + _t298 * 8));
                                                				_v96 = _t236;
                                                				_a8 = r11b;
                                                				if (_t200 == 0) goto 0x68f32b27;
                                                				if (r11d - r9d != r9d) goto 0x68f32b15;
                                                				if ((r9b &  !r13d) != 0) goto 0x68f32b15;
                                                				E00007FF67FF668F18A10( !r13d, _t236);
                                                				 *_t236 = 0;
                                                				0x68f18a30();
                                                				 *_t236 = 0x16;
                                                				E00007FF67FF668F14258();
                                                				goto 0x68f32cb0;
                                                				goto 0x68f32bab;
                                                				if ((r9b &  !r13d) == 0) goto 0x68f32af9;
                                                				_t188 =  <  ? 4 : r13d >> 1;
                                                				E00007FF67FF668F28480(_t236,  *((intOrPtr*)(0x68fc7330 + _t282 * 8)));
                                                				_t252 = _t236;
                                                				E00007FF67FF668F284E8(_t236,  *((intOrPtr*)(0x68fc7330 + _t282 * 8)));
                                                				_t134 = E00007FF67FF668F284E8(_t236,  *((intOrPtr*)(0x68fc7330 + _t282 * 8)));
                                                				_t300 = _t252;
                                                				if (_t252 != 0) goto 0x68f32b76;
                                                				0x68f18a30();
                                                				 *_t236 = 0xc;
                                                				E00007FF67FF668F18A10(_t134, _t236);
                                                				 *_t236 = 8;
                                                				goto 0x68f32cb0;
                                                				r8d = 0x7ff668fc7331;
                                                				0x68f34aa8();
                                                				_t283 = _v88;
                                                				r11b = _a8;
                                                				r9d = 1;
                                                				 *((long long*)( *((intOrPtr*)(0x68fc7330 + _t283 * 8)) + 0x30 + _t298 * 8)) = _t236;
                                                				_t257 =  *((intOrPtr*)(0x68fc7330 + _t283 * 8));
                                                				_v72 = _t300;
                                                				r10d = 0xa;
                                                				if (( *(_t257 + 0x38 + _t298 * 8) & 0x00000048) == 0) goto 0x68f32c3a;
                                                				_t136 =  *((intOrPtr*)(_t257 + 0x3a + _t298 * 8));
                                                				if (_t136 == r10b) goto 0x68f32c3a;
                                                				if (_t188 == 0) goto 0x68f32c3a;
                                                				 *_t300 = _t136;
                                                				_t189 = _t188 - 1;
                                                				_t301 = _t300 + __r9;
                                                				 *((intOrPtr*)( *((intOrPtr*)(0x68fc7330 + _t283 * 8)) + 0x3a + _t298 * 8)) = r10b;
                                                				if (r11b == 0) goto 0x68f32c3a;
                                                				_t160 =  *((intOrPtr*)( *((intOrPtr*)(0x68fc7330 + _t283 * 8)) + 0x3b + _t298 * 8));
                                                				if (_t160 == r10b) goto 0x68f32c3a;
                                                				if (_t189 == 0) goto 0x68f32c3a;
                                                				 *_t301 = _t160;
                                                				_t302 = _t301 + __r9;
                                                				_t190 = _t189 - 1;
                                                				 *((intOrPtr*)( *((intOrPtr*)(0x68fc7330 + _t283 * 8)) + 0x3b + _t298 * 8)) = r10b;
                                                				if (r11b != r9b) goto 0x68f32c3a;
                                                				_t161 =  *((intOrPtr*)( *((intOrPtr*)(0x68fc7330 + _t283 * 8)) + 0x3c + _t298 * 8));
                                                				if (_t161 == r10b) goto 0x68f32c3a;
                                                				if (_t190 == 0) goto 0x68f32c3a;
                                                				 *_t302 = _t161;
                                                				 *((intOrPtr*)( *((intOrPtr*)(0x68fc7330 + _t283 * 8)) + 0x3c + _t298 * 8)) = r10b;
                                                				if (E00007FF67FF668F41064(r12d,  *((intOrPtr*)(0x68fc7330 + _t283 * 8))) == 0) goto 0x68f32cce;
                                                				_t243 =  *((intOrPtr*)(0x68fc7330 + _v88 * 8));
                                                				if ( *((intOrPtr*)(_t243 + 0x38 + _t298 * 8)) - sil >= 0) goto 0x68f32cce;
                                                				if (GetConsoleMode(??, ??) == 0) goto 0x68f32cce;
                                                				if (_a8 != 2) goto 0x68f32cd3;
                                                				_t192 = _t190 - 1 >> 1;
                                                				r8d = _t192;
                                                				_v120 = _t277;
                                                				if (ReadConsoleW(??, ??, ??, ??, ??) != 0) goto 0x68f32cc2;
                                                				E00007FF67FF668F189C0(GetLastError(), _t243, _t252);
                                                				E00007FF67FF668F284E8(_t243, _t252);
                                                				goto 0x68f32e3a;
                                                				goto 0x68f32d0e;
                                                				_v80 = sil;
                                                				r8d = _t192;
                                                				_v120 = _t277;
                                                				_t145 = ReadFile(??, ??, ??, ??, ??); // executed
                                                				if (_t145 == 0) goto 0x68f32de6;
                                                				if (_a32 - r13d > 0) goto 0x68f32de6;
                                                				if ( *((intOrPtr*)( *((intOrPtr*)(0x68fc7330 + _v88 * 8)) + 0x38 + _t298 * 8)) - sil >= 0) goto 0x68f32cb3;
                                                				_t284 = _t272 + _t243 * 2 + _a32;
                                                				if (_a8 == 2) goto 0x68f32d57;
                                                				_t270 = _t302 + __r9;
                                                				_v120 = _t297 >> 1;
                                                				_t146 = E00007FF67FF668F32530(_t145, __ebx, r12d, 0, _t270, _t284, _a16);
                                                				goto 0x68f32cb3;
                                                				if (_v80 == sil) goto 0x68f32dd4;
                                                				_t294 = _v72;
                                                				_t247 = _t294;
                                                				_t292 =  &(_t294[_t284 >> 1]);
                                                				if (_t294 - _t292 >= 0) goto 0x68f32dc7;
                                                				_t165 =  *_t247 & 0x0000ffff;
                                                				if (_t165 == 0x1a) goto 0x68f32dbd;
                                                				if (_t165 != 0xd) goto 0x68f32da3;
                                                				_t286 =  &(_t247[1]);
                                                				if (_t286 - _t292 >= 0) goto 0x68f32da3;
                                                				if ( *_t286 != 0xa) goto 0x68f32da3;
                                                				r8d = 4;
                                                				goto 0x68f32da9;
                                                				r8d = 2;
                                                				 *_t294 = 0xa;
                                                				if (_t247 + _t286 - _t292 < 0) goto 0x68f32d7a;
                                                				goto 0x68f32dc7;
                                                				_t249 =  *((intOrPtr*)(0x68fc7330 + _t270 * 8));
                                                				 *(_t249 + 0x38 + _t298 * 8) =  *(_t249 + 0x38 + _t298 * 8) | 0x00000002;
                                                				goto 0x68f32cb3;
                                                				E00007FF67FF668F32280(_t146, r12d, _v72,  &(_t294[1]));
                                                				goto 0x68f32d50;
                                                				if (GetLastError() != 5) goto 0x68f32e0c;
                                                				0x68f18a30();
                                                				 *_t249 = 9;
                                                				_t149 = E00007FF67FF668F18A10(_t148, _t249);
                                                				 *_t249 = 5;
                                                				goto 0x68f32cb0;
                                                				if (_t149 != 0x6d) goto 0x68f32ca9;
                                                				goto 0x68f32cb3;
                                                				goto 0x68f32e3a;
                                                				E00007FF67FF668F18A10(0, _t249);
                                                				 *_t249 = 0xa;
                                                				0x68f18a30();
                                                				 *_t249 = 9;
                                                				return E00007FF67FF668F14258() | 0xffffffff;
                                                			}













































                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4d7a05dccb82793cc3d1bf604d4ffe3836d37af732fce56f005a164cd171c699
                                                • Instruction ID: 91919b486ffcce11bd92d0279fff30c8f59d6ca5c5e05caecefd6d2770b791ff
                                                • Opcode Fuzzy Hash: 4d7a05dccb82793cc3d1bf604d4ffe3836d37af732fce56f005a164cd171c699
                                                • Instruction Fuzzy Hash: 49C1E232A1C786D2E6615B3590402BE7BB1EF84BD1F444131DA4E8B792CE7DEC5683CA
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: InfoInformationSystemVolume
                                                • String ID: $C:\
                                                • API String ID: 1094708105-488312911
                                                • Opcode ID: 46ecacbc170f0f6baa00fe73d468b227dda82c0ffc5dffed7d5d0270cbfce548
                                                • Instruction ID: 0aac3f49309268402934ae46aa3f82b298b02055fff4c9822f85bca58edcbdfc
                                                • Opcode Fuzzy Hash: 46ecacbc170f0f6baa00fe73d468b227dda82c0ffc5dffed7d5d0270cbfce548
                                                • Instruction Fuzzy Hash: 6A113A32628A85C6EB10CB35E0847AA73A0FB89754F801236EA8D8B716DF39C549CB04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 25%
                                                			E00007FF67FF668F33E3C(signed long long __ecx, void* __edi, intOrPtr* __rax, long __rbx, signed short* __rdx, void* __r9, void* __r10, void* __r11, long long _a32) {
                                                				signed short _v72;
                                                				void* _v84;
                                                				unsigned int _v88;
                                                				intOrPtr _v96;
                                                				intOrPtr _v100;
                                                				long _v104;
                                                				signed int _v120;
                                                				void* __rsi;
                                                				void* __rbp;
                                                				void* _t77;
                                                				void* _t89;
                                                				int _t97;
                                                				long _t98;
                                                				unsigned int _t99;
                                                				void* _t101;
                                                				signed int _t114;
                                                				void* _t125;
                                                				intOrPtr _t128;
                                                				intOrPtr _t129;
                                                				void* _t148;
                                                				signed long long _t160;
                                                				unsigned long long _t166;
                                                				signed int* _t168;
                                                				long _t169;
                                                				signed short* _t182;
                                                				signed short* _t185;
                                                				void* _t186;
                                                				void* _t188;
                                                				void* _t197;
                                                				signed long long _t199;
                                                				void* _t200;
                                                				signed long long _t202;
                                                				void* _t203;
                                                				signed short* _t204;
                                                				signed long long _t206;
                                                
                                                				_t197 = __r10;
                                                				_t182 = __rdx;
                                                				_t169 = __rbx;
                                                				_t125 = __edi;
                                                				_a32 = __rbx;
                                                				r14d = r8d;
                                                				_t199 = __ecx;
                                                				_t185 = __rdx;
                                                				if (r8d == 0) goto 0x68f34105;
                                                				if (__rdx != 0) goto 0x68f33e8b;
                                                				E00007FF67FF668F18A10(_t77, __rax);
                                                				 *__rax = 0;
                                                				0x68f18a30();
                                                				 *__rax = 0x16;
                                                				E00007FF67FF668F14258();
                                                				goto 0x68f34107;
                                                				_t202 = _t199 >> 6;
                                                				_t206 = _t199 + _t199 * 8;
                                                				if (_t186 - 1 - 1 > 0) goto 0x68f33ebd;
                                                				if (( !r14d & 0x00000001) == 0) goto 0x68f33e6c;
                                                				if (( *( *((intOrPtr*)(0x68fc7330 + _t202 * 8)) + 0x38 + _t206 * 8) & 0x00000020) == 0) goto 0x68f33ed3;
                                                				_t17 = _t182 + 2; // 0x2
                                                				r8d = _t17;
                                                				0x68f34aa8();
                                                				_v88 = __rbx;
                                                				if (E00007FF67FF668F41064(r12d, _t199) == 0) goto 0x68f33ff2;
                                                				_t160 =  *((intOrPtr*)(0x68fc7330 + _t202 * 8));
                                                				if ( *(0x68fc7330 + 0x38 + _t206 * 8) >= 0) goto 0x68f33ff2;
                                                				E00007FF67FF668F299B4(_t160, __rbx,  *((intOrPtr*)(0x68fc7330 + _t202 * 8)), _t182, _t186, __r9);
                                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t160 + 0x90)) + 0x138)) != _t169) goto 0x68f33f28;
                                                				if ( *((intOrPtr*)( *((intOrPtr*)(0x68fc7330 + _t202 * 8)) + 0x39 + _t206 * 8)) == 0) goto 0x68f33ff2;
                                                				if (GetConsoleMode(??, ??) == 0) goto 0x68f33ff2;
                                                				if (sil == 0) goto 0x68f33fd4;
                                                				sil = sil - 1;
                                                				if (sil - 1 > 0) goto 0x68f3408e;
                                                				_t200 = _t185 + _t203;
                                                				_v104 = _t169;
                                                				_t204 = _t185;
                                                				if (_t185 - _t200 >= 0) goto 0x68f34084;
                                                				_v72 =  *_t204 & 0x0000ffff;
                                                				_t89 = E00007FF67FF668F4372C( *_t204 & 0xffff);
                                                				_t114 = _v72 & 0x0000ffff;
                                                				if (_t89 != _t114) goto 0x68f33fc6;
                                                				_t128 = _v100 + 2;
                                                				_v100 = _t128;
                                                				if (_t114 != 0xa) goto 0x68f33fb7;
                                                				if (E00007FF67FF668F4372C(0xd) != 0xd) goto 0x68f33fc6;
                                                				_t129 = _t128 + 1;
                                                				_v100 = _t129;
                                                				if ( &(_t204[1]) - _t200 >= 0) goto 0x68f34084;
                                                				goto 0x68f33f77;
                                                				_v104 = GetLastError();
                                                				goto 0x68f34084;
                                                				r9d = r14d;
                                                				E00007FF67FF668F333AC(_t91, r12d, _t125,  &(_t204[1]) - _t200, _t169,  &_v104,  &_v72, _t185, __r11);
                                                				asm("movsd xmm0, [eax]");
                                                				goto 0x68f34089;
                                                				if ( *( *((intOrPtr*)(0x68fc7330 + _t202 * 8)) + 0x38 + _t206 * 8) -  *0x7FF668FC7338 >= 0) goto 0x68f34051;
                                                				_t148 = sil;
                                                				if (_t148 == 0) goto 0x68f3403d;
                                                				if (_t148 == 0) goto 0x68f34029;
                                                				if (_t129 - 1 != 1) goto 0x68f3408e;
                                                				r9d = r14d;
                                                				E00007FF67FF668F33AC4( *0x7FF668FC7338, r12d, 0x68fc7330, _t169,  &_v104, _t188, _t185, _t197, __r11);
                                                				goto 0x68f33fe6;
                                                				r9d = r14d;
                                                				E00007FF67FF668F33BE0(r12d, _t125, 0x68fc7330, _t169,  &_v104, _t188, _t185, _t197, __r11);
                                                				goto 0x68f33fe6;
                                                				r9d = r14d;
                                                				E00007FF67FF668F339C0( *0x7FF668FC7338, _t129 - 1, r12d, 0x68fc7330, _t169,  &_v104, _t188, _t185, _t197, __r11);
                                                				goto 0x68f33fe6;
                                                				r8d = r14d;
                                                				_v120 = _v120 & 0x68fc7330;
                                                				_v104 = 0x68fc7330;
                                                				_v96 = 0;
                                                				_t97 = WriteFile(??, ??, ??, ??, ??); // executed
                                                				if (_t97 != 0) goto 0x68f34081;
                                                				_t98 = GetLastError();
                                                				_v104 = _t98;
                                                				asm("movsd xmm0, [ebp-0x30]");
                                                				asm("movsd [ebp-0x20], xmm0");
                                                				_t166 = _v88 >> 0x20;
                                                				if (_t98 != 0) goto 0x68f340fe;
                                                				_t99 = _v88;
                                                				if (_t99 == 0) goto 0x68f340ce;
                                                				if (_t99 != 5) goto 0x68f340c1;
                                                				0x68f18a30();
                                                				 *_t166 = 9;
                                                				E00007FF67FF668F18A10(_t99, _t166);
                                                				 *_t166 = 5;
                                                				goto 0x68f33e83;
                                                				_t101 = E00007FF67FF668F189C0(_v88, _t166, _t169);
                                                				goto 0x68f33e83;
                                                				_t168 =  *((intOrPtr*)(0x68fc7330 + _t202 * 8));
                                                				if (( *(0x68fc7330 + 0x38 + _t206 * 8) & 0x00000040) == 0) goto 0x68f340e6;
                                                				if ( *_t185 == 0x1a) goto 0x68f34105;
                                                				0x68f18a30();
                                                				 *0x68fc7330 = 0x1c;
                                                				E00007FF67FF668F18A10(_t101, _t168);
                                                				 *_t168 =  *_t168 & 0x00000000;
                                                				goto 0x68f33e83;
                                                				goto 0x68f34107;
                                                				return 0;
                                                			}

                                                APIs
                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,00000000,?,00000000,?,?,00000058,00007FF668F33DFB,?,00000000,?,00007FF668F3444A), ref: 00007FF668F33F3C
                                                • GetLastError.KERNEL32(?,?,?,?,?,00000000,?,00000000,?,?,00000058,00007FF668F33DFB,?,00000000,?,00007FF668F3444A), ref: 00007FF668F33FC6
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: ConsoleErrorLastMode
                                                • String ID:
                                                • API String ID: 953036326-0
                                                • Opcode ID: 8cb7c9035db952c94ba43c15ae712a6a7823672888e56e562582d7138aa01980
                                                • Instruction ID: e2a06964d44ebe1a17939e31d8a2f4388fe59b46c2cb33153504dbe32f8522f1
                                                • Opcode Fuzzy Hash: 8cb7c9035db952c94ba43c15ae712a6a7823672888e56e562582d7138aa01980
                                                • Instruction Fuzzy Hash: 8E81BC72E18A12C6E720DB7495406BD27B0BFA4BC4F444136DE0E9B692DE3DAC45C39A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 25%
                                                			E00007FF67FF668F12B0C(intOrPtr __edx, long long __rbx, void* __rcx, void* __r8, intOrPtr* __r9, long long _a16) {
                                                				signed int _v56;
                                                				intOrPtr _v64;
                                                				signed int _v76;
                                                				intOrPtr _v80;
                                                				intOrPtr _v92;
                                                				intOrPtr _v100;
                                                				intOrPtr _v108;
                                                				intOrPtr _v112;
                                                				signed int _v120;
                                                				signed long long _v128;
                                                				long long _v136;
                                                				void* __rsi;
                                                				void* __rbp;
                                                				long _t37;
                                                				intOrPtr _t40;
                                                				int _t42;
                                                				signed int _t47;
                                                				intOrPtr _t58;
                                                				long _t59;
                                                				signed long long _t76;
                                                				signed long long _t77;
                                                				intOrPtr _t87;
                                                				void* _t100;
                                                
                                                				_a16 = __rbx;
                                                				_t76 =  *0x68faa518; // 0x6f377a770bdc
                                                				_t77 = _t76 ^ _t100 - 0x00000080;
                                                				_v56 = _t77;
                                                				r14d = __edx; // executed
                                                				_t37 = GetFileType(??); // executed
                                                				r15d = 1;
                                                				asm("btr ecx, 0xf");
                                                				if (_t37 != r15d) goto 0x68f12c17;
                                                				 *((intOrPtr*)(__r9 + 8)) = r15w;
                                                				if (__rcx == 0) goto 0x68f12b86;
                                                				_v120 = _v120 & 0x00000000;
                                                				if (E00007FF67FF668F13488(__rcx,  &_v120, __r8) == 0) goto 0x68f12c2e;
                                                				_t40 = _v120 - 1;
                                                				 *((intOrPtr*)(__r9 + 0x10)) = _t40;
                                                				 *__r9 = _t40;
                                                				asm("xorps xmm0, xmm0");
                                                				asm("movups [ebp-0x48], xmm0");
                                                				_v64 = 0;
                                                				asm("movups [ebp-0x38], xmm0");
                                                				asm("movups [ebp-0x28], xmm0"); // executed
                                                				_t42 = GetFileInformationByHandle(??, ??); // executed
                                                				if (_t42 == 0) goto 0x68f12c32;
                                                				_t58 = _v112;
                                                				_t94 = __rcx;
                                                				 *((short*)(__r9 + 6)) = E00007FF67FF668F13344(_t58, __r9, __rcx, __r8, _t100);
                                                				E00007FF67FF668F12D4C(_t58, _v92, _t94); // executed
                                                				 *(__r9 + 0x20) = _t77;
                                                				E00007FF67FF668F12D4C(_t58, _v100, _t77); // executed
                                                				_t87 = _v108;
                                                				 *(__r9 + 0x18) = _t77;
                                                				E00007FF67FF668F12D4C(_t58, _t87,  *(__r9 + 0x20)); // executed
                                                				 *(__r9 + 0x28) = _t77;
                                                				 *(__r9 + 0x14) =  *(__r9 + 0x14) & 0x00000000;
                                                				if (_v80 != 0) goto 0x68f12c0a;
                                                				_t47 = _v76;
                                                				if (_t47 - 0x7fffffff > 0) goto 0x68f12c0a;
                                                				 *(__r9 + 0x14) = _t47;
                                                				goto 0x68f12c8e;
                                                				0x68f18a30();
                                                				 *_t77 = 0x84;
                                                				goto 0x68f12c2e;
                                                				_t25 = _t87 - 2; // -2
                                                				if (_t25 - r15d <= 0) goto 0x68f12c41;
                                                				if (_t58 != 0) goto 0x68f12c32;
                                                				0x68f18a30();
                                                				 *_t77 = 9;
                                                				goto 0x68f12c91;
                                                				_t59 = GetLastError();
                                                				E00007FF67FF668F189C0(_t59, _t77, __r9);
                                                				goto 0x68f12c2e;
                                                				 *((intOrPtr*)(__r9 + 8)) = r15w;
                                                				 *((intOrPtr*)(__r9 + 0x10)) = r14d;
                                                				 *__r9 = r14d;
                                                				_t53 =  ==  ? 0x2000 : 0x1000;
                                                				 *((short*)(__r9 + 6)) =  ==  ? 0x2000 : 0x1000;
                                                				if (_t59 == 2) goto 0x68f12c8e;
                                                				_v128 = _v128 & 0x00000000;
                                                				_v136 =  &_v120;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				if (PeekNamedPipe(??, ??, ??, ??, ??, ??) == 0) goto 0x68f12c8e;
                                                				 *(__r9 + 0x14) = _v120;
                                                				return E00007FF67FF668E9D970(r15b, _v120, _v56 ^ _t100 - 0x00000080);
                                                			}

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                • String ID:
                                                • API String ID: 2780335769-0
                                                • Opcode ID: e4d9aac5fae5392703d7614b3da436d9bb1670d0e0d7c31bdac4f55b716482ef
                                                • Instruction ID: ca0d6824ae39ea75544a2c9750f26982a070067829f2f6ecfd595ae518b3b214
                                                • Opcode Fuzzy Hash: e4d9aac5fae5392703d7614b3da436d9bb1670d0e0d7c31bdac4f55b716482ef
                                                • Instruction Fuzzy Hash: 0C517AB2A18641CAFB10DFB1D4503BD33B1AF49BA8F148539DE89DB689DF39D4818708
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 85%
                                                			E00007FF67FF668F16974(void* __ebx, void* __edx, long long __rbx, long long __rcx, void* __rdx, long long __rdi, void* __rsi) {
                                                				void* _t28;
                                                				void* _t31;
                                                				char _t36;
                                                				char _t37;
                                                				void* _t48;
                                                				signed long long _t64;
                                                				signed long long _t65;
                                                				long long _t70;
                                                				char* _t80;
                                                				void* _t83;
                                                				void* _t86;
                                                				signed long long _t87;
                                                				void* _t89;
                                                				void* _t90;
                                                
                                                				_t70 = __rcx;
                                                				_t68 = __rbx;
                                                				 *((long long*)(_t86 + 0x10)) = __rbx;
                                                				 *((long long*)(_t86 + 0x18)) = __rdi;
                                                				_t87 = _t86 - 0x180;
                                                				_t64 =  *0x68faa518; // 0x6f377a770bdc
                                                				_t65 = _t64 ^ _t87;
                                                				 *(_t86 - 0x80 + 0x70) = _t65;
                                                				if (__rcx != 0) goto 0x68f169be;
                                                				E00007FF67FF668F18A10(_t28, _t65);
                                                				 *_t65 =  *_t65 & 0x00000000;
                                                				0x68f18a30();
                                                				 *_t65 = 0x16;
                                                				E00007FF67FF668F14258();
                                                				goto 0x68f16a85; // executed
                                                				_t31 = E00007FF67FF668F31F64(_t48, __rcx, _t65, __rbx, __rcx, __rdx, __rdi, __rsi, _t89, _t90, _t83); // executed
                                                				if (_t31 != 0) goto 0x68f169d6;
                                                				E00007FF67FF668F189C0(GetLastError(), _t65, _t68);
                                                				goto 0x68f169b6;
                                                				 *(_t87 + 0x48) =  *(_t87 + 0x48) & 0x00000000;
                                                				 *((long long*)(_t87 + 0x28)) = _t87 + 0x60;
                                                				 *((long long*)(_t87 + 0x30)) = _t70;
                                                				 *((long long*)(_t87 + 0x40)) = _t70;
                                                				 *((long long*)(_t87 + 0x38)) = _t87 + 0x60;
                                                				 *((char*)(_t87 + 0x50)) = 0;
                                                				if (E00007FF67FF668F16088(_t68, _t87 + 0x28, __rdx, __rdi, __rsi) == 0) goto 0x68f16a25;
                                                				if ( *((char*)(_t87 + 0x50)) == 0) goto 0x68f169b6;
                                                				E00007FF67FF668F284E8(_t87 + 0x60,  *((intOrPtr*)(_t87 + 0x38)));
                                                				goto 0x68f169b6;
                                                				_t80 =  *((intOrPtr*)(_t87 + 0x38));
                                                				_t36 =  *_t80;
                                                				if (_t36 == 0x5c) goto 0x68f16a35;
                                                				if (_t36 != 0x2f) goto 0x68f16a3e;
                                                				if (_t36 !=  *((intOrPtr*)(_t80 + 1))) goto 0x68f16a3e;
                                                				goto 0x68f16a76;
                                                				_t37 = E00007FF67FF668F10B58(_t36,  *((intOrPtr*)(_t87 + 0x38)));
                                                				 *((char*)(_t87 + 0x20)) = 0x3d;
                                                				 *((char*)(_t87 + 0x21)) = _t37;
                                                				 *((short*)(_t87 + 0x22)) = 0x3a;
                                                				if (E00007FF67FF668F31C28(_t36, _t36 -  *((intOrPtr*)(_t80 + 1)), _t68, _t87 + 0x20, _t80, _t80, __rsi, _t89, _t90) != 0) goto 0x68f16a3a;
                                                				E00007FF67FF668F189C0(GetLastError(), _t87 + 0x60, _t68);
                                                				if ( *((char*)(_t87 + 0x50)) == 0) goto 0x68f16a85;
                                                				E00007FF67FF668F284E8(_t87 + 0x60, _t80);
                                                				return E00007FF67FF668E9D970(0xffffffff, _t39,  *(_t86 - 0x80 + 0x70) ^ _t87);
                                                			}


















                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: ErrorLast
                                                • String ID: :$=
                                                • API String ID: 1452528299-2134709475
                                                • Opcode ID: ff113cdd309eb0795d19d25a24ddee70d95714f9ee1ada8787e197426c7592aa
                                                • Instruction ID: 15f853229c846d574aa23193ae926fac1f55b76bf56622241b2d869d24014640
                                                • Opcode Fuzzy Hash: ff113cdd309eb0795d19d25a24ddee70d95714f9ee1ada8787e197426c7592aa
                                                • Instruction Fuzzy Hash: A7316B72A0C681C6EB609B70A5403BA77B4AF893D4F400135FBCD8B69ADF7CE4448719
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 37%
                                                			E00007FF67FF668DE6950(void* __ecx, intOrPtr __edx, long long __rax, long long __rcx, void* __r8, long long _a8, intOrPtr _a16, intOrPtr _a24, intOrPtr _a32) {
                                                				long long _v16;
                                                				long long _v24;
                                                				char _v64;
                                                				char _v72;
                                                				char _v112;
                                                				long long _v120;
                                                				long long _v128;
                                                				intOrPtr _v136;
                                                				void* _t39;
                                                				void* _t40;
                                                				void* _t41;
                                                				void* _t47;
                                                				void* _t48;
                                                				void* _t49;
                                                				long long _t62;
                                                
                                                				_t81 = __r8;
                                                				_t62 = __rax;
                                                				_t55 = __edx;
                                                				_a32 = r9d;
                                                				_a24 = r8d;
                                                				_a16 = __edx;
                                                				_a8 = __rcx;
                                                				_v120 = 0;
                                                				if (_a24 == 0) goto 0x68de6a29;
                                                				r8d = 8;
                                                				E00007FF67FF668DDD8D0(0x68f5e250,  &_v72);
                                                				r8d = 0;
                                                				E00007FF67FF668DDE210(__ecx, __edx,  &_v112,  &_v72, __r8);
                                                				_t39 = E00007FF67FF668DDF130(__ecx, _t55,  &_v112, _a8, _t81);
                                                				if (_a32 == 0) goto 0x68de69d5;
                                                				_t40 = E00007FF67FF668DE7BB0(_t39);
                                                				_v24 = _t62;
                                                				goto 0x68de69e2;
                                                				_t41 = E00007FF67FF668DE7BC0(_t40);
                                                				_v24 = _t62;
                                                				E00007FF67FF668DDF640(_t41,  &_v112);
                                                				_v128 = _t62;
                                                				_v136 = _a16;
                                                				r9d = 0;
                                                				r8d = 4;
                                                				CreateFileMappingW(??, ??, ??, ??, ??, ??); // executed
                                                				_v120 = _t62;
                                                				E00007FF67FF668DDE460( &_v112);
                                                				if (_v120 != 0) goto 0x68de6ac7;
                                                				if (_a24 == 0) goto 0x68de6a45;
                                                				GetLastError();
                                                				r8d = 0;
                                                				_t47 = E00007FF67FF668DDE210(__ecx, _t55,  &_v64, _a8, _t81);
                                                				if (_a32 == 0) goto 0x68de6a73;
                                                				_t48 = E00007FF67FF668DE7BB0(_t47);
                                                				_v16 = _t62;
                                                				goto 0x68de6a80;
                                                				_t49 = E00007FF67FF668DE7BC0(_t48);
                                                				_v16 = _t62;
                                                				E00007FF67FF668DDF640(_t49,  &_v64);
                                                				_v128 = _t62;
                                                				_v136 = _a16;
                                                				r9d = 0;
                                                				r8d = 4;
                                                				CreateFileMappingW(??, ??, ??, ??, ??, ??);
                                                				_v120 = _t62;
                                                				return E00007FF67FF668DDE460( &_v64);
                                                			}



















                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CreateFileMapping$ErrorLast
                                                • String ID:
                                                • API String ID: 1378698740-0
                                                • Opcode ID: 9476e01bfae08999b82c8ef80a756813171e8d8f392f5faf4b9c3279863c1886
                                                • Instruction ID: bcc56db8bc2047f16c3863bc66c3d333e25bce4b0ed6cea9317f717083f426d1
                                                • Opcode Fuzzy Hash: 9476e01bfae08999b82c8ef80a756813171e8d8f392f5faf4b9c3279863c1886
                                                • Instruction Fuzzy Hash: 1941B732918AC1C1E7A09B35F4457AAB6A0EF80394F005735E69D8AADADF3CD148CB55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: ChangeCloseCreateDriveFileFindNotificationType
                                                • String ID:
                                                • API String ID: 1747263055-0
                                                • Opcode ID: 6057a801db53b5d69720128c73fe9a96e0817f79aa81f15d649e70f5087ec258
                                                • Instruction ID: f9a7b7af94eeebb4bc13f82440d762e31b55d8910d6567589891307a2f9a69a5
                                                • Opcode Fuzzy Hash: 6057a801db53b5d69720128c73fe9a96e0817f79aa81f15d649e70f5087ec258
                                                • Instruction Fuzzy Hash: 9931B0B2A0878186E6509F7595002A97760BF997E4F044335EAB88BAD2DF3CA1A18758
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF668F12BC9), ref: 00007FF668F12D80
                                                • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF668F12BC9), ref: 00007FF668F12D94
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Time$System$FileLocalSpecific
                                                • String ID:
                                                • API String ID: 1707611234-0
                                                • Opcode ID: 68ba15054977bdbfc719e045e91726441d4ad1c71c7472378e805576693c77ba
                                                • Instruction ID: c3a154503882f167bb02ddc44f6014ceb606e99a60f4cddc50a8aa694422f098
                                                • Opcode Fuzzy Hash: 68ba15054977bdbfc719e045e91726441d4ad1c71c7472378e805576693c77ba
                                                • Instruction Fuzzy Hash: 5A1182B1B14612C9FB509BB0D4411BD37B0AF09BA9B400239EE6EDA9D9EF3C9191C714
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 37%
                                                			E00007FF67FF668F32034() {
                                                				int _t1;
                                                				void* _t10;
                                                				void* _t11;
                                                
                                                				_t1 = CreateDirectoryW(); // executed
                                                				if (_t1 != 0) goto 0x68f32056;
                                                				E00007FF67FF668F189C0(GetLastError(), _t10, _t11);
                                                				goto 0x68f32058;
                                                				return 0;
                                                			}






                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CreateDirectoryErrorLast
                                                • String ID:
                                                • API String ID: 1375471231-0
                                                • Opcode ID: 5297ff365fd67a536d49a09903df50d5827e53541372801d636c07543c258a02
                                                • Instruction ID: 8e807d1cbadaa18e6c994ae6ea29a790f3c31339bda21001ebb0b273c70b8acf
                                                • Opcode Fuzzy Hash: 5297ff365fd67a536d49a09903df50d5827e53541372801d636c07543c258a02
                                                • Instruction Fuzzy Hash: 2AD0C974F1C54AC2EA5427B15D8503D22B16F987B1FB04A31C919CB2D2DF3DA98A914A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 60%
                                                			E00007FF67FF668F31F64(void* __ecx, void* __eflags, void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __rdi, void* __rsi, void* __r8, void* __r9, long long _a8) {
                                                				char _v16;
                                                				signed long long _v24;
                                                				signed long long _v32;
                                                				signed int _v40;
                                                				signed long long _v48;
                                                				signed long long _v56;
                                                				char _v64;
                                                				intOrPtr _v80;
                                                				void* _v88;
                                                				void* __rbp;
                                                				void* _t33;
                                                				int _t35;
                                                				void* _t68;
                                                
                                                				_t66 = __rsi;
                                                				_a8 = __rbx;
                                                				_v56 = _v56 & 0x00000000;
                                                				_v48 = _v48 & 0x00000000;
                                                				_v40 = _v40 & 0x00000000;
                                                				_v32 = _v32 & 0x00000000;
                                                				_v24 = _v24 & 0x00000000;
                                                				_v16 = 0;
                                                				_t33 = E00007FF67FF668EE6C10(__rax, __rcx,  &_v88, __rdx, __rsi);
                                                				r8d = 0xfde9;
                                                				if ( *((intOrPtr*)(_v80 + 0xc)) != r8d) goto 0x68f31fbf;
                                                				if (_v64 == 0) goto 0x68f31ff4;
                                                				 *(_v88 + 0x3a8) =  *(_v88 + 0x3a8) & 0xfffffffd;
                                                				goto 0x68f31ff4;
                                                				E00007FF67FF668F2C3E4();
                                                				if (_t33 != 0) goto 0x68f31fe0;
                                                				if (_v64 == _t33) goto 0x68f31fd8;
                                                				 *(_v88 + 0x3a8) =  *(_v88 + 0x3a8) & 0xfffffffd;
                                                				r8d = 1;
                                                				goto 0x68f31ff4;
                                                				if (_v64 == 0) goto 0x68f31ff1;
                                                				 *(_v88 + 0x3a8) =  *(_v88 + 0x3a8) & 0xfffffffd;
                                                				r8d = 0;
                                                				if (E00007FF67FF668F10E4C(0, __rcx, __rcx,  &_v56, __rdi, _t66, _t68, __r9) == 0) goto 0x68f32008;
                                                				goto 0x68f32014;
                                                				_t35 = SetCurrentDirectoryW(??); // executed
                                                				if (_v16 == 0) goto 0x68f32023;
                                                				E00007FF67FF668F284E8(_v88, _v40);
                                                				return _t35;
                                                			}
















                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CurrentDirectory
                                                • String ID:
                                                • API String ID: 1611563598-0
                                                • Opcode ID: 9ebdab02b3df277a91b0a78b8b846853c912d81b2bdc45851fe93d8dc7bc07a4
                                                • Instruction ID: 029e64430af0b7c07dabbb9a8a5e787926ace08dff7816f9419bba49d7e0a85b
                                                • Opcode Fuzzy Hash: 9ebdab02b3df277a91b0a78b8b846853c912d81b2bdc45851fe93d8dc7bc07a4
                                                • Instruction Fuzzy Hash: 1E216032F28691CEF76187B5C4843BC2BB0AB457A8F144135DE589F6D9CF789884C745
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF668F29B8D,?,?,?,00007FF668F18A39,?,?,?,?,00007FF668F1A32A), ref: 00007FF668F2D2C5
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                • Opcode ID: 9a51033d4b8575e5b09a2469873d428cf02065427df863ea8d685ea6dc0e59bc
                                                • Instruction ID: cedc338f9332a1c4da9bc84ab9ce7b03e8a35b7106424e3d9ecf120a9b8d2bfa
                                                • Opcode Fuzzy Hash: 9a51033d4b8575e5b09a2469873d428cf02065427df863ea8d685ea6dc0e59bc
                                                • Instruction Fuzzy Hash: E8F0F974B0968AC1FE59A6F659613B513A45F95BD0F588430CD4ECF2C2DE3CE5908338
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 51%
                                                			E00007FF67FF668DD6DE0(long long __rax, long long __rcx, long long _a8) {
                                                				char _v24;
                                                				void* _t10;
                                                
                                                				_a8 = __rcx;
                                                				r9d = 8;
                                                				if (E00007FF67FF668DDD050(__rax, 0x7ff668dd6de0, 0x68fc54a0,  &_v24) != 0) goto 0x68dd6e1a;
                                                				GetModuleHandleW(??);
                                                				 *0x68fc54a0 = __rax;
                                                				if (E00007FF67FF668DD6F50() == 0) goto 0x68dd6e3e;
                                                				 *0x68fc54a8 = 0;
                                                				E00007FF67FF668DE8B60(_t6);
                                                				E00007FF67FF668DE7C70(__rax);
                                                				E00007FF67FF668DE34B0(__rax); // executed
                                                				_t10 = E00007FF67FF668DE7B30(E00007FF67FF668DD6F50()); // executed
                                                				return _t10;
                                                			}





                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Module$FileHandleNameQueryVirtual
                                                • String ID:
                                                • API String ID: 2639326306-0
                                                • Opcode ID: 0a2e3deb7a5c7b755e63f09eccbffa371e8b29262d1ad039619a62faafec7a4b
                                                • Instruction ID: 3ead4a74c2ad3c4a8178adf4be6bd23286bf2f98089814dcbc5b2deec84ce806
                                                • Opcode Fuzzy Hash: 0a2e3deb7a5c7b755e63f09eccbffa371e8b29262d1ad039619a62faafec7a4b
                                                • Instruction Fuzzy Hash: C8F0DA20D0C687D4FA516BB1B8152BA6370BF50349F904231D54CCB1A7EE2CE12ECBA9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF668E001AD), ref: 00007FF668E091D9
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: InfoSystem
                                                • String ID:
                                                • API String ID: 31276548-0
                                                • Opcode ID: ed95ad0d7dc81019959744eac0ab360bf71fbefd27494d740be90e47c3eac36d
                                                • Instruction ID: 9c23495caec0ec971b403ce8bda2f969c6940d8f337ce52c6cd59d13894dce91
                                                • Opcode Fuzzy Hash: ed95ad0d7dc81019959744eac0ab360bf71fbefd27494d740be90e47c3eac36d
                                                • Instruction Fuzzy Hash: 68B09B17D189C0C2CB21BB30D90501D7331F7D4744FC00511D18E425A55F7CC759CB04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 22%
                                                			E00007FF67FF668DEDB30(void* __ecx, void* __eflags, long long __rax, long long __rcx, void* __r8, void* __r9, long long _a8) {
                                                				signed char _v16;
                                                				signed char _v20;
                                                				signed char _v24;
                                                				long _v28;
                                                				intOrPtr _v32;
                                                				long long _v40;
                                                				short _v46;
                                                				signed short _v48;
                                                				long long _v56;
                                                				signed char _v60;
                                                				long _v64;
                                                				char _v72;
                                                				char _v200;
                                                				short _v726;
                                                				char _v728;
                                                				char _v792;
                                                				char _v808;
                                                				intOrPtr _v836;
                                                				void* _v840;
                                                				long long _v848;
                                                				signed int _v856;
                                                				long long _v864;
                                                				signed char _v872;
                                                				char _v880;
                                                				char _v904;
                                                				long long _v920;
                                                				long long _v928;
                                                				long long _v936;
                                                				intOrPtr _v944;
                                                				signed char _v952;
                                                				long long _t199;
                                                				long long _t204;
                                                
                                                				_t261 = __r9;
                                                				_t199 = __rax;
                                                				_a8 = __rcx;
                                                				_v856 = 0;
                                                				_v872 = 0;
                                                				E00007FF67FF668DD6F80(__rax);
                                                				_v904 = 0x19;
                                                				_v880 = 1;
                                                				_v952 = 0;
                                                				r9d = 0;
                                                				if (E00007FF67FF668DED7D0(0x22e008, __rax, _a8,  &_v904, __r9) == 0) goto 0x68dedb8e;
                                                				_v24 = 1;
                                                				goto 0x68dedb99;
                                                				_v24 = 0;
                                                				_v872 = _v24 & 0x000000ff;
                                                				r8d = 0xf003f;
                                                				OpenSCManagerW(??, ??, ??);
                                                				_v864 = __rax;
                                                				if (_v864 != 0) goto 0x68dedbd4;
                                                				r8d = 0;
                                                				OpenSCManagerW(??, ??, ??);
                                                				_v864 = __rax;
                                                				if (_v864 == 0) goto 0x68dee035;
                                                				r8d = 0xf01ff;
                                                				OpenServiceW(??, ??, ??);
                                                				_v848 = __rax;
                                                				if (_v848 == 0) goto 0x68dedc80;
                                                				ControlService(??, ??, ??);
                                                				if (QueryServiceStatus(??, ??) == 0) goto 0x68dedc58;
                                                				if (_v836 != 1) goto 0x68dedc58;
                                                				_v20 = 1;
                                                				goto 0x68dedc63;
                                                				_v20 = 0;
                                                				_v856 = _v20 & 0x000000ff;
                                                				CloseServiceHandle(??);
                                                				CloseServiceHandle(??);
                                                				if ((_v856 & 0x000000ff) != 0) goto 0x68dee035;
                                                				r8d = 0x40;
                                                				E00007FF67FF668DDD8D0(0x68f5e350,  &_v792);
                                                				E00007FF67FF668DD5930(_t199,  &_v728);
                                                				_v952 =  &_v72;
                                                				r9d = 0xf003f;
                                                				r8d = 0;
                                                				if (RegOpenKeyExW(??, ??, ??, ??, ??) != 0) goto 0x68dee035;
                                                				_v952 =  &_v808;
                                                				r9d = 0x20019;
                                                				r8d = 0;
                                                				if (RegOpenKeyExW(??, ??, ??, ??, ??) == 0) goto 0x68dedfe5;
                                                				_v920 = 0;
                                                				_v928 =  &_v808;
                                                				_v936 = 0;
                                                				_v944 = 0xf003f;
                                                				_v952 = 0;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				if (RegCreateKeyExW(??, ??, ??, ??, ??, ??, ??, ??, ??) != 0) goto 0x68dedfe3;
                                                				_v60 = 1;
                                                				r8d = 0x40;
                                                				E00007FF67FF668DDD8D0(0x68f5e320,  &_v792);
                                                				E00007FF67FF668DD5930( &_v808,  &_v200);
                                                				_v944 = 4;
                                                				_t203 =  &_v60;
                                                				_v952 =  &_v60;
                                                				r9d = 4;
                                                				r8d = 0;
                                                				if (RegSetValueExW(??, ??, ??, ??, ??, ??) != 0) goto 0x68dedfa6;
                                                				_v728 = 0x5c;
                                                				_v726 = 0;
                                                				r8d = 0x40;
                                                				E00007FF67FF668DDD8D0("\'02<&!\',\t846=<;0U",  &_v792);
                                                				E00007FF67FF668DD5930( &_v60,  &_v200);
                                                				E00007FF67FF668F19FC4(_t203,  &_v728,  &_v200,  &_v200);
                                                				E00007FF67FF668F19FC4(_t203,  &_v728,  &_v200, "\\");
                                                				r8d = 0x40;
                                                				E00007FF67FF668DDD8D0(0x68f5e350,  &_v792);
                                                				_t250 =  &_v200;
                                                				E00007FF67FF668DD5930(_t203,  &_v200);
                                                				E00007FF67FF668F19FC4(_t203,  &_v728,  &_v200,  &_v200);
                                                				E00007FF67FF668F19FC4(_t203,  &_v728,  &_v200, "\\");
                                                				E00007FF67FF668F19FC4(_t203,  &_v728, _t250, _a8);
                                                				_t204 =  &_v728;
                                                				_v40 = _t204;
                                                				_v48 = (E00007FF67FF668F19C38(_t204,  &_v728, _t261) & 0x0000ffff) << 1;
                                                				_v46 = (_v48 & 0x0000ffff) + 2;
                                                				E00007FF67FF668DDDB30(0, _t204, 0x68f5e2f8);
                                                				_v56 = _t204;
                                                				if (_v56 == 0) goto 0x68dedfa6;
                                                				_v32 = _v56();
                                                				if (_v32 < 0) goto 0x68dedf62;
                                                				_v16 = 1;
                                                				goto 0x68dedf6d;
                                                				_v16 = 0;
                                                				_v856 = _v16 & 0x000000ff;
                                                				if ((_v856 & 0x000000ff) == 0) goto 0x68dedf92;
                                                				SetLastError(??);
                                                				goto 0x68dedfa6;
                                                				E00007FF67FF668DE9740(_v32, _t204);
                                                				SetLastError(??);
                                                				_v64 = GetLastError();
                                                				RegCloseKey(??);
                                                				E00007FF67FF668DE9680(_v72, _a8);
                                                				SetLastError(??);
                                                				goto 0x68dee00d;
                                                				_v64 = GetLastError();
                                                				RegCloseKey(??);
                                                				SetLastError(??);
                                                				_v64 = GetLastError();
                                                				RegCloseKey(??);
                                                				SetLastError(??);
                                                				if ((_v856 & 0x000000ff) != 0) goto 0x68dee08b;
                                                				if ((_v872 & 0x000000ff) == 0) goto 0x68dee08b;
                                                				_v28 = GetLastError();
                                                				_v880 = 0;
                                                				_v952 = 0;
                                                				r9d = 0;
                                                				E00007FF67FF668DED7D0(0x22e008, _t204, _a8,  &_v904, _t261);
                                                				SetLastError(??);
                                                				return _v856 & 0x000000ff;
                                                			}




































                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$CloseOpenService$CreateHandleManager$AllocControlCurrentFileLocalQueryStatusThreadValue
                                                • String ID: '02<&!',846=<;0U$?$\
                                                • API String ID: 1558769067-128437696
                                                • Opcode ID: aecd097f783e06d1705a0ead709c2f517c0ee0690500060ad3e5397892a96660
                                                • Instruction ID: 10a76b40a58c5d25f790292b75319a174868f7015354def322bc631227e56f36
                                                • Opcode Fuzzy Hash: aecd097f783e06d1705a0ead709c2f517c0ee0690500060ad3e5397892a96660
                                                • Instruction Fuzzy Hash: 4FD11432618AC1C6E7719B34E4547AAA7B4FFC4780F404136D68D8BA9ADF7CD248CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Process$LocalMemoryRead$Open$AllocCloseErrorFreeHandleLast$DirectoryWindows
                                                • String ID: [System Process]$\??\$\SystemRoot\
                                                • API String ID: 535225777-911814108
                                                • Opcode ID: 6e40ea72f06507d7c15f64492d8e9ec21d21d0038388a27dd36eac3dd88269d0
                                                • Instruction ID: 5ad16213653311753c5cdcc783a5edaf6c814645a05d8baa69561afc9d2f1edc
                                                • Opcode Fuzzy Hash: 6e40ea72f06507d7c15f64492d8e9ec21d21d0038388a27dd36eac3dd88269d0
                                                • Instruction Fuzzy Hash: 4612E732608AC1C6E7608B75E4547AEB7B4FBC4B84F004126EAC987AA9DF7CD584CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Internet$Open$CloseErrorHandleLast
                                                • String ID: FileOpen Tollkit Update
                                                • API String ID: 2418903746-2275244106
                                                • Opcode ID: 896ec40bc74bd20297aaceb99ad41f08a58ed0e51c0a3b7589c91a59d7a24ee5
                                                • Instruction ID: dc71eaee4ac540b89dd643b6267ae86e54c349f94373f9cc4752486d3ab91aae
                                                • Opcode Fuzzy Hash: 896ec40bc74bd20297aaceb99ad41f08a58ed0e51c0a3b7589c91a59d7a24ee5
                                                • Instruction Fuzzy Hash: BB515B72A09642C6EB64DF35A850A7D63B4FF99B80F445435EE8E8B745EE3CE504CB08
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 54%
                                                			E00007FF67FF668F299B4(signed long long __rax, long long __rbx, void* __rcx, signed int __rdx, long long __rsi, void* __r9, long long _a8, long long _a16) {
                                                				void* _t13;
                                                				intOrPtr _t15;
                                                				intOrPtr _t16;
                                                				intOrPtr _t18;
                                                				intOrPtr _t20;
                                                				signed long long _t35;
                                                				signed long long _t46;
                                                
                                                				_t39 = __rcx;
                                                				_t37 = __rbx;
                                                				_t35 = __rax;
                                                				_a8 = __rbx;
                                                				_a16 = __rsi;
                                                				GetLastError();
                                                				_t15 =  *0x68faa924; // 0x6
                                                				if (_t15 == 0xffffffff) goto 0x68f299f5;
                                                				0x68f2c624();
                                                				if (__rax == 0) goto 0x68f299ef;
                                                				if (__rax != 0xffffffff) goto 0x68f29a5c;
                                                				goto 0x68f29a5f;
                                                				_t16 =  *0x68faa924; // 0x6
                                                				_t43 = __rdx | 0xffffffff;
                                                				if (E00007FF67FF668F2C66C(_t16, __rax, __rbx, __rdx | 0xffffffff) == 0) goto 0x68f299e9;
                                                				E00007FF67FF668F2D270(_t6, __rcx, _t43);
                                                				_t18 =  *0x68faa924; // 0x6
                                                				_t46 = _t35;
                                                				if (_t35 != 0) goto 0x68f29a2f;
                                                				E00007FF67FF668F2C66C(_t18, _t35, _t37, _t43);
                                                				E00007FF67FF668F284E8(_t35, _t39);
                                                				goto 0x68f299e9;
                                                				if (E00007FF67FF668F2C66C(0, _t35, _t37, _t46) != 0) goto 0x68f29a4d;
                                                				_t20 =  *0x68faa924; // 0x6
                                                				E00007FF67FF668F2C66C(_t20, _t35, _t37, _t46);
                                                				goto 0x68f29a28;
                                                				E00007FF67FF668F29468(_t46, _t46);
                                                				_t13 = E00007FF67FF668F284E8(_t35, _t46);
                                                				SetLastError(??);
                                                				asm("dec eax");
                                                				if ((_t35 & _t46) == 0) goto 0x68f29a82;
                                                				return _t13;
                                                			}











                                                APIs
                                                • GetLastError.KERNEL32(?,?,?,00007FF668EE6C4F,?,?,?,00007FF668F190FF), ref: 00007FF668F299C3
                                                • SetLastError.KERNEL32(?,?,?,00007FF668EE6C4F,?,?,?,00007FF668F190FF), ref: 00007FF668F29A61
                                                • GetLastError.KERNEL32(?,?,?,00007FF668F18A39,?,?,?,?,00007FF668F1A32A), ref: 00007FF668F29B3F
                                                • SetLastError.KERNEL32(?,?,?,00007FF668F18A39,?,?,?,?,00007FF668F1A32A), ref: 00007FF668F29BDD
                                                  • Part of subcall function 00007FF668F2C66C: TlsSetValue.KERNEL32(?,?,?,00007FF668F29B7A,?,?,?,00007FF668F18A39,?,?,?,?,00007FF668F1A32A), ref: 00007FF668F2C6AC
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$Value
                                                • String ID: 6
                                                • API String ID: 1883355122-3045116330
                                                • Opcode ID: 29d19bc96f056d62af6ed531f6719d9bb21994d5f190b761e11ad5dc5fbaf2b7
                                                • Instruction ID: 5013119dd0e6188d839e1d9eb039fd299bf75d71356a5c6a186e4efbc4e9f589
                                                • Opcode Fuzzy Hash: 29d19bc96f056d62af6ed531f6719d9bb21994d5f190b761e11ad5dc5fbaf2b7
                                                • Instruction Fuzzy Hash: 3F516B30F09682C2FA6867B1A96197923B25F887F0F141735D97E8F7D6DE3CB8458608
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 43%
                                                			E00007FF67FF668E03E90(void* __rcx, signed char* __rdx, long long __rdi, void* __r8, void* __r9) {
                                                				signed int _t87;
                                                				signed int _t89;
                                                				signed int _t90;
                                                				signed int _t92;
                                                				signed int _t93;
                                                				signed int _t94;
                                                				signed int _t96;
                                                				signed short _t99;
                                                				signed int _t108;
                                                				signed int _t112;
                                                				signed int _t114;
                                                				signed long long _t150;
                                                				signed long long _t157;
                                                				void* _t159;
                                                				void* _t165;
                                                				short* _t166;
                                                				void* _t169;
                                                				signed char* _t172;
                                                				signed char* _t173;
                                                				void* _t176;
                                                				signed char* _t179;
                                                				void* _t183;
                                                				void* _t185;
                                                				signed char* _t193;
                                                				signed int* _t196;
                                                				signed int* _t197;
                                                				void* _t202;
                                                				void* _t210;
                                                				void* _t211;
                                                				signed long long _t212;
                                                
                                                				_t210 = _t211 - 0x878;
                                                				_t212 = _t211 - 0x978;
                                                				_t150 =  *0x68faa518; // 0x6f377a770bdc
                                                				 *(_t210 + 0x860) = _t150 ^ _t212;
                                                				_t87 =  *__rdx & 0x000000ff;
                                                				 *(_t210 + 0x460 - __rdx + __rdx) = _t87;
                                                				_t193 =  &(__rdx[1]);
                                                				if (_t87 != 0) goto 0x68e03ed0;
                                                				if ( *((char*)(_t210 + 0x460)) != 0) goto 0x68e03ef0;
                                                				_t108 =  *(_t210 + 0x45f) & 0x000000ff;
                                                				if (_t108 == 0x5c) goto 0x68e03f34;
                                                				if (_t108 == 0x2f) goto 0x68e03f34;
                                                				_t165 = _t210 + 0x460 - 1;
                                                				asm("o16 nop [eax+eax]");
                                                				_t166 = _t165 + 1;
                                                				if ( *((char*)(_t165 + 1)) != 0) goto 0x68e03f20;
                                                				 *_t166 = "\\" & 0x0000ffff;
                                                				if ( *(__rcx + 4) == 5) goto 0x68e04054;
                                                				_t89 =  *(_t210 + _t166 + 0x460) & 0x000000ff;
                                                				 *(_t210 + _t166 + 0x60) = _t89;
                                                				if (_t89 != 0) goto 0x68e03f40;
                                                				_t169 = _t210 + 0x60 - 1;
                                                				if ( *((char*)(_t169 + 1)) != 0) goto 0x68e03f60;
                                                				_t90 =  *(__r8 + _t193) & 0x000000ff;
                                                				 *(_t169 + 1 + _t193) = _t90;
                                                				if (_t90 != 0) goto 0x68e03f70;
                                                				if (E00007FF67FF668F11128() != 0) goto 0x68e03fc4;
                                                				_t172 = _t210 + 0x60;
                                                				_t196 = __rcx + 8 + ( *(__rcx + 4) << 0xa);
                                                				asm("o16 nop [eax+eax]");
                                                				_t92 =  *_t172 & 0x000000ff;
                                                				_t173 =  &(_t172[1]);
                                                				 *_t196 = _t92;
                                                				_t197 =  &(_t196[0]);
                                                				if (_t92 != 0) goto 0x68e03fb0;
                                                				 *(__rcx + 4) =  *(__rcx + 4) + 1;
                                                				asm("o16 nop [eax+eax]");
                                                				_t93 =  *(_t210 +  &(_t173[0x460])) & 0x000000ff;
                                                				 *(_t210 +  &(_t173[0x60])) = _t93;
                                                				if (_t93 != 0) goto 0x68e03fd0;
                                                				_t176 = _t210 + 0x60 - 1;
                                                				if ( *((char*)(_t176 + 1)) != 0) goto 0x68e03ff0;
                                                				_t94 =  *(__r9 + _t197) & 0x000000ff;
                                                				 *(_t176 + 1 + _t197) = _t94;
                                                				if (_t94 != 0) goto 0x68e04000;
                                                				if (E00007FF67FF668F11128() != 0) goto 0x68e0405b;
                                                				_t157 =  *(__rcx + 4) << 0xa;
                                                				_t179 = _t210 + 0x60;
                                                				asm("o16 nop [eax+eax]");
                                                				_t96 =  *_t179 & 0x000000ff;
                                                				 *(__rcx + 8 + _t157) = _t96;
                                                				if (_t96 != 0) goto 0x68e04040;
                                                				 *(__rcx + 4) =  *(__rcx + 4) + 1;
                                                				goto 0x68e0417b;
                                                				 *((long long*)(_t212 + 0x970)) = __rdi;
                                                				asm("o16 nop [eax+eax]");
                                                				 *((char*)(_t210 +  &(_t179[0x61]))) = 1;
                                                				if (1 != 0) goto 0x68e04070;
                                                				_t183 = _t210 + 0x60 - 1;
                                                				if ( *(_t183 + 1) != 0) goto 0x68e04090;
                                                				_t99 = "*.*"; // 0x2a2e2a
                                                				_t202 = _t212 + 0x20;
                                                				 *(_t183 + 1) = _t99;
                                                				_t185 = _t210 + 0x60;
                                                				FindFirstFileA(??, ??);
                                                				if (_t157 == 0xffffffff) goto 0x68e04171;
                                                				if (( *(_t212 + 0x20) & 0x00000010) == 0) goto 0x68e04152;
                                                				_t112 =  *(_t212 + 0x4c) & 0x000000ff;
                                                				if (_t112 != 0x2e) goto 0x68e040ed;
                                                				if (1 == 0) goto 0x68e04152;
                                                				if (_t112 != _t112) goto 0x68e040ed;
                                                				if (1 != _t112) goto 0x68e040ed;
                                                				if ( *((char*)(_t212 + 0x4e)) == 0) goto 0x68e04152;
                                                				 *((char*)(_t210 + _t185 + 0x60)) = 1;
                                                				if (( *(_t210 + _t185 + 0x460) & 0x000000ff) != 0) goto 0x68e040f0;
                                                				_t159 = _t210 + 0x60 - 1;
                                                				if ( *((char*)(_t159 + 1)) != 0) goto 0x68e04110;
                                                				asm("o16 nop [eax+eax]");
                                                				_t114 = (_t212 + 0x4c)[_t202] & 0x000000ff;
                                                				 *(_t159 + 1 + _t202) = _t114;
                                                				if (_t114 != 0) goto 0x68e04130;
                                                				E00007FF67FF668E03E90(__rcx, _t210 + 0x60, _t157, __r8, __r9);
                                                				if (FindNextFileA(??, ??) != 0) goto 0x68e040c0;
                                                				FindClose(??);
                                                				return E00007FF67FF668E9D970(0, _t114,  *(_t210 + 0x860) ^ _t212);
                                                 			}

                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Find$File$CloseFirstNext
                                                • String ID: *.*
                                                • API String ID: 3541575487-438819550
                                                • Opcode ID: 5278647b40b37ae9cc7a6f7b897e86ec6bfa3eeb9a3d470834a93127d5be6982
                                                • Instruction ID: e3f3d1df5efc4ac54abe3585c447b93730155f00089e3ccea20a8d296ec6785b
                                                • Opcode Fuzzy Hash: 5278647b40b37ae9cc7a6f7b897e86ec6bfa3eeb9a3d470834a93127d5be6982
                                                • Instruction Fuzzy Hash: 7091816260C6C5C9EB118F34D0403F9BBB1EB62B4CF488272DA5D8B696DF3AD51AC714
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 65%
                                                			E00007FF67FF668E08B10(void* __edi, void* __esp, long long __rbx, int __rcx, long long __rdx) {
                                                				void* __rsi;
                                                				void* __rbp;
                                                				void* __r14;
                                                				int _t80;
                                                				void* _t82;
                                                				void* _t93;
                                                				int _t96;
                                                				void* _t98;
                                                				void* _t99;
                                                				void* _t105;
                                                				void* _t109;
                                                				void* _t110;
                                                				signed long long _t174;
                                                				long long _t183;
                                                				long long _t198;
                                                				long long _t208;
                                                				long long _t209;
                                                				void* _t212;
                                                				void* _t213;
                                                				void* _t216;
                                                				void* _t217;
                                                				void* _t220;
                                                				void* _t221;
                                                				intOrPtr _t252;
                                                				intOrPtr _t262;
                                                				intOrPtr _t267;
                                                				intOrPtr _t271;
                                                				intOrPtr _t275;
                                                				int _t282;
                                                				void* _t283;
                                                				long long _t284;
                                                				intOrPtr _t287;
                                                				char* _t291;
                                                				long long _t294;
                                                				intOrPtr _t295;
                                                				intOrPtr _t296;
                                                				intOrPtr _t297;
                                                				int _t300;
                                                				void* _t301;
                                                				void* _t303;
                                                				signed long long _t304;
                                                				int _t314;
                                                				long long _t315;
                                                				char* _t317;
                                                				int _t318;
                                                				int _t320;
                                                				int _t324;
                                                				void* _t325;
                                                				void* _t326;
                                                				long long _t327;
                                                				void* _t328;
                                                
                                                				_t208 = __rbx;
                                                				 *((long long*)(_t303 + 0x18)) = __rbx;
                                                				_t301 = _t303 - 0x27;
                                                				_t304 = _t303 - 0xb0;
                                                				_t174 =  *0x68faa518; // 0x6f377a770bdc
                                                				 *(_t301 + 0x1f) = _t174 ^ _t304;
                                                				_t315 = __rdx;
                                                				_t318 = __rcx;
                                                				 *(_t301 - 0x41) = __rcx;
                                                				if ( *((long long*)(__rdx + 0x18)) - 0x10 < 0) goto 0x68e08b51;
                                                				 *(_t304 + 0x28) = 0;
                                                				 *((long long*)(_t304 + 0x20)) = __rbx;
                                                				r9d = r14d;
                                                				_t80 = MultiByteToWideChar(_t324, _t320, _t317);
                                                				 *(_t301 - 0x41) = _t80;
                                                				if (_t80 != 0) goto 0x68e08bd3;
                                                				E00007FF67FF668E06610(_t174 ^ _t304, _t301 - 1);
                                                				_t82 = E00007FF67FF668E083B0(_t174 ^ _t304, __rbx, _t318, __rdx, _t291);
                                                				_t262 =  *((intOrPtr*)(_t301 + 0x17));
                                                				if (_t262 - 0x10 < 0) goto 0x68e09029;
                                                				if (_t262 + 1 - 0x1000 < 0) goto 0x68e09024;
                                                				if ( *((intOrPtr*)(_t301 - 1)) -  *((intOrPtr*)( *((intOrPtr*)(_t301 - 1)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x68e09059;
                                                				goto 0x68e09024;
                                                				 *(_t301 - 0x49) = 0;
                                                				_t325 = _t82;
                                                				asm("xorps xmm0, xmm0");
                                                				asm("movdqu [ebp-0x39], xmm0");
                                                				 *((long long*)(_t301 - 0x29)) = _t208;
                                                				if (_t325 - 0xffffffff > 0) goto 0x68e09071;
                                                				_t283 = _t325 + _t325;
                                                				if (_t283 - 0x1000 < 0) goto 0x68e08c13;
                                                				E00007FF67FF668E06270(_t283);
                                                				goto 0x68e08c28;
                                                				if (_t283 == 0) goto 0x68e08c25;
                                                				E00007FF67FF668E9DDA0(0xffffffff, _t283);
                                                				goto 0x68e08c28;
                                                				_t294 = _t208;
                                                				 *((long long*)(_t301 - 0x39)) = _t294;
                                                				_t209 = _t283 + _t294;
                                                				 *((long long*)(_t301 - 0x29)) = _t209;
                                                				if (E00007FF67FF668E083A0(_t301 - 0x49) == 0) goto 0x68e08c4e;
                                                				E00007FF67FF668E08390(_t294, _t325);
                                                				goto 0x68e08c5c;
                                                				_t284 = _t294;
                                                				memset(__edi, 0, 0xfde9);
                                                				 *((long long*)(_t301 - 0x31)) = _t209;
                                                				if ( *((long long*)(_t315 + 0x18)) - 0x10 < 0) goto 0x68e08c72;
                                                				 *(_t304 + 0x28) =  *(_t301 - 0x41);
                                                				 *((long long*)(_t304 + 0x20)) = _t294;
                                                				r9d = r14d;
                                                				if (MultiByteToWideChar(_t314, _t282, _t291) != 0) goto 0x68e08d38;
                                                				E00007FF67FF668E06610(_t209, _t301 - 0x21);
                                                				_t93 = E00007FF67FF668E083B0(_t209, _t209, _t318, _t315, _t294);
                                                				_t267 =  *((intOrPtr*)(_t301 - 9));
                                                				if (_t267 - 0x10 < 0) goto 0x68e08ce7;
                                                				if (_t267 + 1 - 0x1000 < 0) goto 0x68e08ce2;
                                                				_t183 =  *((intOrPtr*)(_t301 - 0x21)) -  *((intOrPtr*)( *((intOrPtr*)(_t301 - 0x21)) - 8)) + 0xfffffff8;
                                                				if (_t183 - 0x1f > 0) goto 0x68e09077;
                                                				E00007FF67FF668E9DDDC(_t93,  *((intOrPtr*)( *((intOrPtr*)(_t301 - 0x21)) - 8)));
                                                				 *((long long*)(_t301 - 0x11)) = _t183;
                                                				 *((long long*)(_t301 - 9)) = 0xf;
                                                				 *((char*)(_t301 - 0x21)) = 0;
                                                				if (_t294 == 0) goto 0x68e09029;
                                                				_t212 = (_t209 - _t294 >> 1) + (_t209 - _t294 >> 1);
                                                				if (_t212 - 0x1000 < 0) goto 0x68e0901e;
                                                				_t213 = _t212 + 0x27;
                                                				_t295 =  *((intOrPtr*)(_t294 - 8));
                                                				if (_t294 - _t295 + 0xfffffff8 - 0x1f > 0) goto 0x68e0905f;
                                                				goto 0x68e0901e;
                                                				 *((intOrPtr*)(_t301 - 0x45)) = 0;
                                                				 *((long long*)(_t304 + 0x38)) = _t301 - 0x45;
                                                				 *((long long*)(_t304 + 0x30)) = _t284;
                                                				 *(_t304 + 0x28) = 0;
                                                				 *((long long*)(_t304 + 0x20)) = _t284;
                                                				r9d = r14d;
                                                				_t96 = WideCharToMultiByte(_t300, ??, ??, ??, ??, ??, ??);
                                                				 *(_t301 - 0x49) = _t96;
                                                				if (_t96 != 0) goto 0x68e08e10;
                                                				E00007FF67FF668E06610(_t301 - 0x45, _t301 - 0x21);
                                                				_t98 = E00007FF67FF668E083B0(_t301 - 0x45, _t213, _t318, _t315, _t295);
                                                				_t271 =  *((intOrPtr*)(_t301 - 9));
                                                				if (_t271 - 0x10 < 0) goto 0x68e08dc0;
                                                				if (_t271 + 1 - 0x1000 < 0) goto 0x68e08dbb;
                                                				if ( *((intOrPtr*)(_t301 - 0x21)) -  *((intOrPtr*)( *((intOrPtr*)(_t301 - 0x21)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x68e0907d;
                                                				_t99 = E00007FF67FF668E9DDDC(_t98,  *((intOrPtr*)( *((intOrPtr*)(_t301 - 0x21)) - 8)));
                                                				 *((long long*)(_t301 - 0x11)) = _t284;
                                                				 *((long long*)(_t301 - 9)) = 0xf;
                                                				 *((char*)(_t301 - 0x21)) = 0;
                                                				if (_t295 == 0) goto 0x68e09029;
                                                				_t216 = (_t213 - _t295 >> 1) + (_t213 - _t295 >> 1);
                                                				if (_t216 - 0x1000 < 0) goto 0x68e0901e;
                                                				_t217 = _t216 + 0x27;
                                                				_t296 =  *((intOrPtr*)(_t295 - 8));
                                                				if (_t295 - _t296 + 0xfffffff8 - 0x1f > 0) goto 0x68e09065;
                                                				goto 0x68e0901e;
                                                				_t326 = _t99;
                                                				asm("xorps xmm0, xmm0");
                                                				asm("movdqu [ebp-0x21], xmm0");
                                                				 *((long long*)(_t301 - 0x11)) = _t284;
                                                				if (_t326 - 0xffffffff > 0) goto 0x68e09083;
                                                				if (_t326 - 0x1000 < 0) goto 0x68e08e45;
                                                				E00007FF67FF668E06270(_t326);
                                                				goto 0x68e08e4a;
                                                				E00007FF67FF668E9DDA0(0xffffffff, _t326);
                                                				 *((long long*)(_t301 - 0x21)) = 0xffffffff;
                                                				_t327 = _t326 + 0xffffffff;
                                                				 *((long long*)(_t301 - 0x11)) = _t327;
                                                				E00007FF67FF668E08380(0, 0xffffffff, _t271 + 0x28);
                                                				 *((long long*)(_t301 - 0x19)) = _t327;
                                                				 *((intOrPtr*)(_t301 - 0x45)) = 0;
                                                				 *((long long*)(_t304 + 0x38)) = _t301 - 0x45;
                                                				 *((long long*)(_t304 + 0x30)) = 0xffffffff;
                                                				 *(_t304 + 0x28) = 0;
                                                				 *((long long*)(_t304 + 0x20)) = 0xffffffff;
                                                				r9d = r14d;
                                                				if (WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??) != 0) goto 0x68e08f7d;
                                                				E00007FF67FF668E06610(_t301 - 0x45, _t301 - 1);
                                                				_t105 = E00007FF67FF668E083B0(_t301 - 0x45, _t217, _t318, _t315, _t296);
                                                				_t275 =  *((intOrPtr*)(_t301 + 0x17));
                                                				if (_t275 - 0x10 < 0) goto 0x68e08ef3;
                                                				if (_t275 + 1 - 0x1000 < 0) goto 0x68e08eee;
                                                				_t198 =  *((intOrPtr*)(_t301 - 1)) -  *((intOrPtr*)( *((intOrPtr*)(_t301 - 1)) - 8)) + 0xfffffff8;
                                                				if (_t198 - 0x1f > 0) goto 0x68e09089;
                                                				E00007FF67FF668E9DDDC(_t105,  *((intOrPtr*)( *((intOrPtr*)(_t301 - 1)) - 8)));
                                                				 *((long long*)(_t301 + 0xf)) = _t198;
                                                				 *((long long*)(_t301 + 0x17)) = 0xf;
                                                				 *((char*)(_t301 - 1)) = 0;
                                                				if (0xffffffff == 0) goto 0x68e08f3d;
                                                				_t328 = _t327 - 0xffffffff;
                                                				if (_t328 - 0x1000 < 0) goto 0x68e08f31;
                                                				_t252 =  *0x7FFFFFFFFFFFFFF7;
                                                				_t68 = 0xffffffff - _t252 - 8; // -8
                                                				if (_t68 - 0x1f > 0) goto 0x68e0908f;
                                                				_t287 = _t252;
                                                				E00007FF67FF668E9DDDC(0, _t287);
                                                				if (_t296 == 0) goto 0x68e09029;
                                                				_t220 = (_t217 - _t296 >> 1) + (_t217 - _t296 >> 1);
                                                				if (_t220 - 0x1000 < 0) goto 0x68e0901e;
                                                				_t221 = _t220 + 0x27;
                                                				_t297 =  *((intOrPtr*)(_t296 - 8));
                                                				if (_t296 - _t297 + 0xfffffff8 - 0x1f > 0) goto 0x68e0906b;
                                                				goto 0x68e0901e;
                                                				r12d = 0;
                                                				 *((long long*)(_t301 - 1)) = _t315;
                                                				 *((long long*)(_t301 + 0xf)) = _t315;
                                                				 *((long long*)(_t301 + 0x17)) = 0xf;
                                                				if ( *((intOrPtr*)(_t287 + 0xffffffff)) != r12b) goto 0x68e08f90;
                                                				_t109 = E00007FF67FF668E066B0(_t296 - _t297 + 0xfffffff8, _t221, _t301 - 1, _t287, 0xffffffff, 0);
                                                				asm("movups xmm0, [ebp-0x1]");
                                                				asm("inc ecx");
                                                				asm("movups xmm1, [ebp+0xf]");
                                                				asm("inc ecx");
                                                				if (_t287 == 0) goto 0x68e08fef;
                                                				if (_t328 + 0x27 - _t287 - 0x1000 < 0) goto 0x68e08fe3;
                                                				_t76 = _t287 -  *((intOrPtr*)(_t287 - 8)) - 8; // -8
                                                				if (_t76 - 0x1f > 0) goto 0x68e09053;
                                                				_t110 = E00007FF67FF668E9DDDC(_t109,  *((intOrPtr*)(_t287 - 8)));
                                                				if (_t297 == 0) goto 0x68e09029;
                                                				if ((_t221 - _t297 >> 1) + (_t221 - _t297 >> 1) - 0x1000 < 0) goto 0x68e0901e;
                                                				if (_t297 -  *((intOrPtr*)(_t297 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0x68e09095;
                                                				return E00007FF67FF668E9D970(E00007FF67FF668E9DDDC(_t110,  *((intOrPtr*)(_t297 - 8))), 0,  *(_t301 + 0x1f) ^ _t304);
                                                			}























































                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: ByteCharMultiWide$ErrorLast
                                                • String ID:
                                                • API String ID: 1717984340-0
                                                • Opcode ID: 7bdf1fb821260b6a1b4e44c14bf7831916a66b033c4d85dcb0b72dd7e02042bb
                                                • Instruction ID: 8321d0e396f72f2e9e558ec5e2a90434a1c547b6a9a061f30c09d7dad95a7991
                                                • Opcode Fuzzy Hash: 7bdf1fb821260b6a1b4e44c14bf7831916a66b033c4d85dcb0b72dd7e02042bb
                                                • Instruction Fuzzy Hash: EDE1D122F18752C5FF14AB7598043BD22B1AF497E4F104B31EA6D9BBDADE7CD0918248
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 64%
                                                			E00007FF67FF668E0BC20(long long __rbx, intOrPtr* __rdx, void* __r8, void* __r9, long long _a8) {
                                                				signed int _v40;
                                                				char _v312;
                                                				char _v588;
                                                				char _v632;
                                                				char _v656;
                                                				signed long long _v664;
                                                				void* __rdi;
                                                				void* __rsi;
                                                				void* __rbp;
                                                				void* _t28;
                                                				signed long long _t39;
                                                				signed long long _t40;
                                                				intOrPtr* _t43;
                                                				void* _t63;
                                                				void* _t68;
                                                
                                                				_t57 = __rdx;
                                                				_a8 = __rbx;
                                                				_t39 =  *0x68faa518; // 0x6f377a770bdc
                                                				_t40 = _t39 ^ _t68 - 0x000002a0;
                                                				_v40 = _t40;
                                                				_t43 = __rdx;
                                                				if (__r9 == 0) goto 0x68e0bc69;
                                                				E00007FF67FF668F15D9C(0x104,  &_v312);
                                                				E00007FF67FF668F16974(_t28, 0x104, _t43, __r9, _t57, _t63, __r8);
                                                				 *_t43 = 0;
                                                				FindFirstFileA(??, ??);
                                                				if (_t40 != 0xffffffff) goto 0x68e0bc8b;
                                                				goto 0x68e0bd1e;
                                                				E00007FF67FF668E9DDA0(_t40, __r8);
                                                				_v664 = _t40;
                                                				if (_t40 == 0) goto 0x68e0bcb2;
                                                				r8d = 0;
                                                				E00007FF67FF668E0E680(_t43, _t40,  &_v588, _t40);
                                                				 *_t43 =  *_t43 + 1;
                                                				if (FindNextFileA(??, ??) == 0) goto 0x68e0bd00;
                                                				asm("o16 nop [eax+eax]");
                                                				E00007FF67FF668E0E710(E00007FF67FF668E0E7F0(_t40, _t40,  &_v656, _t40, __r9,  &_v588),  &_v656);
                                                				 *_t43 =  *_t43 + 1;
                                                				if (FindNextFileA(??, ??) != 0) goto 0x68e0bcd0;
                                                				FindClose(??);
                                                				if (__r9 == 0) goto 0x68e0bd1b;
                                                				return E00007FF67FF668E9D970(E00007FF67FF668F16974(_t28, 0x104, _t43,  &_v312,  &_v632, _t40, _t40), 0x18, _v40 ^ _t68 - 0x000002a0);
                                                			}



















                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Find$File$Next$CloseFirst
                                                • String ID:
                                                • API String ID: 1884811643-0
                                                • Opcode ID: f12ef12a5bd1b9aa9b247cc10e20ecba49f40fd214321a8a89f2ca4780d1f663
                                                • Instruction ID: 4a9238215c8601798b8208d94328b0ab171502294f86fbfc93b4386151628026
                                                • Opcode Fuzzy Hash: f12ef12a5bd1b9aa9b247cc10e20ecba49f40fd214321a8a89f2ca4780d1f663
                                                • Instruction Fuzzy Hash: 1C31A032B08646D6EA20AB31E0503B96370FFC5BD4F444931EE5D8B79ADE3CD5058748
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 77%
                                                			E00007FF67FF668E0BD50(long long __rbx, intOrPtr* __rdx, void* __r8, void* __r9) {
                                                				void* __rdi;
                                                				void* __rsi;
                                                				void* __rbp;
                                                				void* _t30;
                                                				signed long long _t41;
                                                				signed long long _t42;
                                                				intOrPtr* _t45;
                                                				CHAR* _t65;
                                                				void* _t68;
                                                				void* _t72;
                                                				void* _t75;
                                                				signed long long _t76;
                                                
                                                				_t59 = __rdx;
                                                				 *((long long*)(_t75 + 8)) = __rbx;
                                                				_t76 = _t75 - 0x2a0;
                                                				_t41 =  *0x68faa518; // 0x6f377a770bdc
                                                				_t42 = _t41 ^ _t76;
                                                				 *(_t76 + 0x290) = _t42;
                                                				_t45 = __rdx;
                                                				if (__r9 == 0) goto 0x68e0bd9a;
                                                				E00007FF67FF668F15D9C(0x104, _t76 + 0x180);
                                                				E00007FF67FF668F16974(_t30, 0x104, _t45,  *((intOrPtr*)(__r9 + 0x10)), _t59, _t65, __r8);
                                                				 *_t45 = 0;
                                                				FindFirstFileA(_t65);
                                                				if (_t42 != 0xffffffff) goto 0x68e0bdbd;
                                                				goto 0x68e0be4e;
                                                				E00007FF67FF668E9DDA0(_t42,  *((intOrPtr*)(__r8 + 0x10)));
                                                				 *(_t76 + 0x20) = _t42;
                                                				if (_t42 == 0) goto 0x68e0bde4;
                                                				r8d = 0;
                                                				E00007FF67FF668E0E680(_t45, _t42, _t76 + 0x6c, _t42, _t68);
                                                				 *_t45 =  *_t45 + 1;
                                                				if (FindNextFileA(_t72) == 0) goto 0x68e0be30;
                                                				E00007FF67FF668E0E710(E00007FF67FF668E0E7F0(_t42, _t42, _t76 + 0x28, _t42, __r9, _t76 + 0x6c), _t76 + 0x28);
                                                				 *_t45 =  *_t45 + 1;
                                                				if (FindNextFileA(??, ??) != 0) goto 0x68e0be00;
                                                				FindClose(??);
                                                				if (__r9 == 0) goto 0x68e0be4b;
                                                				return E00007FF67FF668E9D970(E00007FF67FF668F16974(_t30, 0x104, _t45, _t76 + 0x180, _t76 + 0x40, _t42, _t42), 0x18,  *(_t76 + 0x290) ^ _t76);
                                                			}
















                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Find$File$Next$CloseFirst
                                                • String ID:
                                                • API String ID: 1884811643-0
                                                • Opcode ID: 942cc1dc5598d20bf6fb160958860c44c463004668bfee3d0857924a9c1606ed
                                                • Instruction ID: 51269bbfbb37d622b7237d649cbca741a3a3f2f07564e324a94a903988a26965
                                                • Opcode Fuzzy Hash: 942cc1dc5598d20bf6fb160958860c44c463004668bfee3d0857924a9c1606ed
                                                • Instruction Fuzzy Hash: 21317F32B08A4AD6EA20AB31E4503BA6370FFC5BD4F444931EA5D8B79ADF3CD5158B44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 25%
                                                			E00007FF67FF668DDAD10(long long __rcx, void* __r8, void* __r9, long long _a8) {
                                                				long long _v24;
                                                				long long _v32;
                                                				char _v36;
                                                				void* _v40;
                                                				long long _v48;
                                                				long long _v56;
                                                				void* _t61;
                                                				void* _t81;
                                                				void* _t89;
                                                				long long _t134;
                                                				long long _t135;
                                                				void* _t178;
                                                
                                                				_t178 = __r9;
                                                				_t176 = __r8;
                                                				_a8 = __rcx;
                                                				if (0 == 1) goto 0x68ddafeb;
                                                				r8d = 4;
                                                				if ((E00007FF67FF668DDB100( *((intOrPtr*)(_a8 + 0x10)), _a8 + 0x158) & 0x000000ff) != 0) goto 0x68ddad5e;
                                                				_t61 = E00007FF67FF668DD7FE0(E00007FF67FF668DDB100( *((intOrPtr*)(_a8 + 0x10)), _a8 + 0x158) & 0x000000ff, L"PipedIpcThread1: Failed reading value of message length\n", _a8 + 0x158, __r8, _t178);
                                                				goto 0x68ddafeb;
                                                				E00007FF67FF668DD7FE0(_t61, L"PipedIpcThread1: Starting a new message...\n", _a8 + 0x158, __r8, _t178);
                                                				LocalAlloc(??, ??);
                                                				 *((long long*)(_a8 + 0x150)) = _a8;
                                                				if ( *((long long*)(_a8 + 0x150)) == 0) goto 0x68ddafe6;
                                                				r8d = 4;
                                                				if ((E00007FF67FF668DDB100( *((intOrPtr*)(_a8 + 0x10)), _a8 + 0x14c) & 0x000000ff) != 0) goto 0x68ddaddc;
                                                				E00007FF67FF668DD7FE0(E00007FF67FF668DDB100( *((intOrPtr*)(_a8 + 0x10)), _a8 + 0x14c) & 0x000000ff, L"PipedIpcThread1: Failed reading value of counter\n", _a8 + 0x14c, __r8, _t178);
                                                				goto 0x68ddafeb;
                                                				r8d = 4;
                                                				if ((E00007FF67FF668DDB100( *((intOrPtr*)(_a8 + 0x10)),  &_v40) & 0x000000ff) != 0) goto 0x68ddae0d;
                                                				E00007FF67FF668DD7FE0(E00007FF67FF668DDB100( *((intOrPtr*)(_a8 + 0x10)),  &_v40) & 0x000000ff, L"PipedIpcThread1: Failed reading value of session\n",  &_v40, __r8, _t178);
                                                				goto 0x68ddafeb;
                                                				r8d = 4;
                                                				if ((E00007FF67FF668DDB100( *((intOrPtr*)(_a8 + 0x10)), _a8 + 0x170) & 0x000000ff) != 0) goto 0x68ddae47;
                                                				E00007FF67FF668DD7FE0(E00007FF67FF668DDB100( *((intOrPtr*)(_a8 + 0x10)), _a8 + 0x170) & 0x000000ff, L"PipedIpcThread1: Failed reading value of answer length\n", _a8 + 0x170, __r8, _t178);
                                                				goto 0x68ddafeb;
                                                				r8d =  *((intOrPtr*)(_a8 + 0x158));
                                                				if ((E00007FF67FF668DDB100( *((intOrPtr*)(_a8 + 0x10)),  *((intOrPtr*)(_a8 + 0x150))) & 0x000000ff) != 0) goto 0x68ddae85;
                                                				E00007FF67FF668DD7FE0(E00007FF67FF668DDB100( *((intOrPtr*)(_a8 + 0x10)),  *((intOrPtr*)(_a8 + 0x150))) & 0x000000ff, L"PipedIpcThread1: Failed reading message buffer\n",  *((intOrPtr*)(_a8 + 0x150)), _t176, _t178);
                                                				goto 0x68ddafeb;
                                                				_v48 = _v40;
                                                				_v56 = _a8 + 0x160;
                                                				r9d = 0;
                                                				r8d =  *((intOrPtr*)(_a8 + 0x14c));
                                                				if ((E00007FF67FF668DD9B50(0, _a8 + 0x48) & 0x000000ff) == 0) goto 0x68ddafc8;
                                                				E00007FF67FF668DD7FE0(E00007FF67FF668DD9B50(0, _a8 + 0x48) & 0x000000ff, L"PipedIpcThread1: InitIpcAnswer returned True\n", _a8 + 0x48, _t176, _t178);
                                                				if ( *((intOrPtr*)(_a8 + 0x170)) == 0) goto 0x68ddaef6;
                                                				SetEvent(??);
                                                				_t134 = _a8;
                                                				if ( *((intOrPtr*)(_t134 + 0x30)) - 1 <= 0) goto 0x68ddafbc;
                                                				_t81 = LocalAlloc(??, ??);
                                                				_v24 = _t134;
                                                				r8d = 0x188;
                                                				0x68ed0c80();
                                                				E00007FF67FF668DD7FE0(_t81, L"PipedIpcThread1: Creating PipedIpcThread2\n", _a8, _t176, _t178);
                                                				_t135 =  &_v36;
                                                				_v48 = _t135;
                                                				_v56 = 0;
                                                				CreateThread(??, ??, ??, ??, ??, ??);
                                                				_v32 = _t135;
                                                				if (_v32 == 0) goto 0x68ddaf8a;
                                                				SetThreadPriority(??, ??);
                                                				CloseHandle(??);
                                                				goto 0x68ddafba;
                                                				LocalFree(??);
                                                				LocalFree(??);
                                                				E00007FF67FF668DDA390(_a8 + 0x160);
                                                				goto 0x68ddafc6;
                                                				_t89 = E00007FF67FF668DDB000(_a8, _a8, E00007FF67FF668DDB0D0, _v24);
                                                				goto 0x68ddafe6;
                                                				E00007FF67FF668DD7FE0(_t89, L"** PipedIpcThread1: InitIpcAnswer returned False\n", _a8, E00007FF67FF668DDB0D0, _v24);
                                                				LocalFree(??);
                                                				goto 0x68ddad19;
                                                				LocalFree(??);
                                                				return 0;
                                                			}
















                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Local$AllocFileFreeRead
                                                • String ID: ** PipedIpcThread1: InitIpcAnswer returned False$PipedIpcThread1: Creating PipedIpcThread2$PipedIpcThread1: Failed reading message buffer$PipedIpcThread1: Failed reading value of answer length$PipedIpcThread1: Failed reading value of counter$PipedIpcThread1: Failed reading value of message length$PipedIpcThread1: Failed reading value of session$PipedIpcThread1: InitIpcAnswer returned True$PipedIpcThread1: Starting a new message...
                                                • API String ID: 3777291400-3069304445
                                                • Opcode ID: e51cef095409d24de24c4ef400a7a15601303e2ef7828b75146f5e017860e732
                                                • Instruction ID: cc45d509d1519bc678a91cc86cc2da889e7ceb9632bf19eb2474fff0a43e8cfa
                                                • Opcode Fuzzy Hash: e51cef095409d24de24c4ef400a7a15601303e2ef7828b75146f5e017860e732
                                                • Instruction Fuzzy Hash: 2481EC71A18B4AC2EA509B76E84437E6371FFC5B84F404176EA4DCB7A5DE3CE4098B18
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: FileHandleProcessView$CloseCurrentDuplicateErrorLastMemoryProtectUnmapVirtualWrite
                                                • String ID: %s$%x$2
                                                • API String ID: 2273813543-1294985516
                                                • Opcode ID: 6d242c733a80533d43cb646442074bb5c4288aeca4c2faecbc04d5310a9fcf53
                                                • Instruction ID: 2f1c26c17bfcf262225f23cef0b19ce60a9508699a953e043785d681238285c0
                                                • Opcode Fuzzy Hash: 6d242c733a80533d43cb646442074bb5c4288aeca4c2faecbc04d5310a9fcf53
                                                • Instruction Fuzzy Hash: 6AA1D332608AC5C6E7608B65E4447AAB7B0FBD8784F404136DA8D8BBA9DF3CD548DB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: MemoryProcess$Write$ProtectVirtual$Read
                                                • String ID: AP$AQ$P$Q$R
                                                • API String ID: 4096692964-3897567023
                                                • Opcode ID: fb5c8ce7b4a8dcef56a437c31b158c3a7594a8fd91d8b3cc9d3667c00e44f84f
                                                • Instruction ID: e165c6f5ee3797e3042fe5009d64d3eb80f033a37c98313a0dafc4c437efd693
                                                • Opcode Fuzzy Hash: fb5c8ce7b4a8dcef56a437c31b158c3a7594a8fd91d8b3cc9d3667c00e44f84f
                                                • Instruction Fuzzy Hash: CDB1E631619B81C5EB608B35E8543AAB7B0FF98794F500136DA8D8BBA9DF7CD144CB18
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Current$Process$Handle$DuplicateThread$Close
                                                • String ID: @
                                                • API String ID: 1263286100-2766056989
                                                • Opcode ID: 43f306eb17b8c491c18241f5d76e1d5058c501905f0b3d94a432cda349303bb6
                                                • Instruction ID: 543e0d08080470be3ea7c9ff573683a81e947ee02f553c361c2560727bd3893d
                                                • Opcode Fuzzy Hash: 43f306eb17b8c491c18241f5d76e1d5058c501905f0b3d94a432cda349303bb6
                                                • Instruction Fuzzy Hash: 4C51F73290CA81C6E7209B75E84436AB7B0FBC9784F504135D68E8BA99DF7DE448CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 26%
                                                			E00007FF67FF668DF6A10(signed int __edx, void* __edi, void* __esi, void* __esp, void* __rax, long long __rcx, long long __r8, long long __r9, signed int _a4, long long _a8, long long* _a12, signed int _a16, signed char* _a20, void* _a24, char* _a28, void* _a32) {
                                                				long long _v4;
                                                				signed char _v40;
                                                				signed int _v48;
                                                				signed char _v64;
                                                				signed char _v68;
                                                				char _v84;
                                                				char _v124;
                                                				void* _v132;
                                                				void* _v140;
                                                				long long _v148;
                                                				char _v420;
                                                				char _v436;
                                                				long long _v444;
                                                				char _v484;
                                                				intOrPtr _v672;
                                                				char _v888;
                                                				long long _v1088;
                                                				signed char _v1128;
                                                				char _v1144;
                                                				signed char _v1160;
                                                				intOrPtr _v1360;
                                                				char _v1576;
                                                				intOrPtr _v1588;
                                                				intOrPtr _v1592;
                                                				long long _v1792;
                                                				signed char _v1832;
                                                				char _v1848;
                                                				signed char _v1864;
                                                				long long _v1872;
                                                				signed char* _v1880;
                                                				long long _v2088;
                                                				signed int _v2108;
                                                				intOrPtr _v2128;
                                                				char _v2136;
                                                				long long _v2152;
                                                				signed char _v2352;
                                                				char _v2568;
                                                				char _v2584;
                                                				signed char _v2588;
                                                				signed char _v2592;
                                                				long long _v2600;
                                                				long long _v2612;
                                                				long long _v2628;
                                                				int _t321;
                                                				void* _t424;
                                                				long long _t454;
                                                				long long _t455;
                                                				intOrPtr _t463;
                                                
                                                				_a32 = __r9;
                                                				_a24 = __r8;
                                                				_a16 = __edx;
                                                				_a8 = __rcx;
                                                				_v2600 = 0;
                                                				if ((_a16 & 0x00000002) != 0) goto 0x68df7044;
                                                				E00007FF67FF668DDBCC0();
                                                				if (__rax == 0) goto 0x68df6a94;
                                                				E00007FF67FF668DDFBB0( &_v2568,  *((intOrPtr*)(_a8 + 0x78)));
                                                				_v2592 = _v2352;
                                                				_v2588 = E00007FF67FF668DE0000( &_v2568);
                                                				E00007FF67FF668DDFFA0( &_v2568);
                                                				goto 0x68df6bb9;
                                                				_v2152 =  *((intOrPtr*)(_a8 + 0x78));
                                                				if (0 == 1) goto 0x68df6b6e;
                                                				E00007FF67FF668DF0770( &_v2136, _v2152);
                                                				_v2152 = _v2088;
                                                				if (_v2128 == 0) goto 0x68df6b4d;
                                                				if (_v2152 -  *((intOrPtr*)(_a8 + 0x78)) - 6 >= 0) goto 0x68df6b4d;
                                                				if ((_v2108 & 0x0000ffff) == 0xc2) goto 0x68df6b4d;
                                                				if ((_v2108 & 0x0000ffff) == 0xc3) goto 0x68df6b4d;
                                                				if ((_v2108 & 0x0000ffff) == 0xca) goto 0x68df6b4d;
                                                				if ((_v2108 & 0x0000ffff) == 0xcb) goto 0x68df6b4d;
                                                				if ((_v2108 & 0x0000ffff) != 0xcf) goto 0x68df6b5c;
                                                				E00007FF67FF668DF0A60( &_v2136);
                                                				goto 0x68df6b6e;
                                                				E00007FF67FF668DF0A60( &_v2136);
                                                				goto 0x68df6aa8;
                                                				_t424 = _v2152 -  *((intOrPtr*)(_a8 + 0x78));
                                                				if (_t424 - 6 < 0) goto 0x68df6b9b;
                                                				_v40 = 1;
                                                				goto 0x68df6ba6;
                                                				_v40 = 0;
                                                				_v2592 = _v40;
                                                				_v2588 = _v2592;
                                                				if (_v2592 == 0) goto 0x68df6c04;
                                                				if (_v2588 == 0) goto 0x68df6c04;
                                                				E00007FF67FF668DDBCC0();
                                                				if (_t424 != 0) goto 0x68df7044;
                                                				if (E00007FF67FF668DF7FA0( *((intOrPtr*)(_a8 + 0x68)),  *((intOrPtr*)(_a8 + 0x78)),  &_v2584) == 0) goto 0x68df7044;
                                                				_a16 = _a16 | 0x00000002;
                                                				if (_v2592 == 0) goto 0x68df6c23;
                                                				if (_v2588 != 0) goto 0x68df6c25;
                                                				goto 0x68df6c33;
                                                				 *_a32 = 0x770004;
                                                				if ((_a16 & 0x00000200) == 0) goto 0x68df7044;
                                                				_v1880 =  *((intOrPtr*)(_a8 + 0x78));
                                                				if (( *_v1880 & 0x000000ff) != 0x48) goto 0x68df6d0a;
                                                				if ((_v1880[1] & 0x000000ff) != 0xc7) goto 0x68df6d0a;
                                                				if ((_v1880[2] & 0x000000ff) != 0xc0) goto 0x68df6d0a;
                                                				if ((_v1880[7] & 0x000000ff) != 0xff) goto 0x68df6cbf;
                                                				if ((_v1880[8] & 0x000000ff) == 0xe0) goto 0x68df6ce3;
                                                				if ((_v1880[7] & 0x000000ff) != 0x50) goto 0x68df6d0a;
                                                				if ((_v1880[8] & 0x000000ff) != 0xc3) goto 0x68df6d0a;
                                                				_v1864 = 1;
                                                				_v1872 =  *((intOrPtr*)(_a8 + 0x78));
                                                				goto 0x68df6de4;
                                                				if (( *_v1880 & 0x000000ff) != 0x48) goto 0x68df6da0;
                                                				if ((_v1880[1] & 0x000000ff) != 0xb8) goto 0x68df6da0;
                                                				if ((_v1880[0xa] & 0x000000ff) != 0xff) goto 0x68df6d57;
                                                				if ((_v1880[0xb] & 0x000000ff) == 0xe0) goto 0x68df6d7b;
                                                				if ((_v1880[0xa] & 0x000000ff) != 0x50) goto 0x68df6da0;
                                                				if ((_v1880[0xb] & 0x000000ff) != 0xc3) goto 0x68df6da0;
                                                				_v1864 = 1;
                                                				_v1872 =  *((intOrPtr*)( *((intOrPtr*)(_a8 + 0x78)) + 2));
                                                				goto 0x68df6de4;
                                                				E00007FF67FF668DF0770( &_v1848,  *((intOrPtr*)(_a8 + 0x78)));
                                                				_v1864 = _v1832;
                                                				_v1872 = _v1792;
                                                				E00007FF67FF668DF0A60( &_v1848);
                                                				if (_v1864 == 0) goto 0x68df7044;
                                                				if (_v1872 == 0) goto 0x68df7044;
                                                				E00007FF67FF668DDFBB0( &_v1576, _v1872);
                                                				_v1588 = _v1360;
                                                				_v1592 = E00007FF67FF668DE0000( &_v1576);
                                                				E00007FF67FF668DDFFA0( &_v1576);
                                                				_v1160 = 0;
                                                				goto 0x68df6e63;
                                                				_v1160 = _v1160 + 1;
                                                				if (_v1160 - 0xa >= 0) goto 0x68df6f33;
                                                				if (_v1588 == 0) goto 0x68df6f2c;
                                                				if (_v1592 != 0) goto 0x68df6f2c;
                                                				E00007FF67FF668DF0770( &_v1144, _v1872);
                                                				_v1864 = _v1128;
                                                				_v1872 = _v1088;
                                                				E00007FF67FF668DF0A60( &_v1144);
                                                				if (_v1864 == 0) goto 0x68df6f28;
                                                				if (_v1872 == 0) goto 0x68df6f28;
                                                				E00007FF67FF668DDFBB0( &_v888, _v1872);
                                                				_v1588 = _v672;
                                                				_v1592 = E00007FF67FF668DE0000( &_v888);
                                                				E00007FF67FF668DDFFA0( &_v888);
                                                				goto 0x68df6f2a;
                                                				goto 0x68df6f33;
                                                				goto 0x68df6f2e;
                                                				goto 0x68df6f33;
                                                				goto 0x68df6e52;
                                                				if (_v1588 == 0) goto 0x68df7044;
                                                				if (_v1592 == 0) goto 0x68df7044;
                                                				 *_a24 = _v1872;
                                                				_a16 = _a16 & 0xfffffffd;
                                                				r8d = 0x8000;
                                                				VirtualFree(??, ??, ??);
                                                				r8d = 0x8000;
                                                				VirtualFree(??, ??, ??);
                                                				_t454 = _a24;
                                                				E00007FF67FF668DE4950(0x1000, _t454,  *_t454);
                                                				 *((long long*)(_a8 + 0x90)) = _t454;
                                                				_t455 = _a8;
                                                				E00007FF67FF668DE4950(0x4000, _t455,  *((intOrPtr*)(_t455 + 0x90)));
                                                				 *((long long*)(_a8 + 0x50)) = _t455;
                                                				 *((long long*)(_a8 + 0x58)) =  *((intOrPtr*)(_a8 + 0x50)) + 0x2000;
                                                				memcpy(__edi, __esi, 0xe);
                                                				 *((intOrPtr*)( *((intOrPtr*)(_v4 + 0x50)) + 2)) = 0x1ffa;
                                                				if ((_a4 & 0x00000002) != 0) goto 0x68df7057;
                                                				goto 0x68df7434;
                                                				if ((_a4 & 0x00000010) != 0) goto 0x68df7422;
                                                				_t463 = _v4;
                                                				if ( *((long long*)(_t463 + 0x68)) == 0) goto 0x68df7422;
                                                				r8d = 0x10;
                                                				E00007FF67FF668DDD8D0("\"&g\nfg{199U",  &_v436);
                                                				r8d = 0;
                                                				E00007FF67FF668DDF640(E00007FF67FF668DDE210(0, 0,  &_v484, _t463,  &_v2584),  &_v484);
                                                				GetModuleHandleW(??);
                                                				if ( *((intOrPtr*)(_v4 + 0x68)) != _t463) goto 0x68df70da;
                                                				_v48 = 1;
                                                				goto 0x68df70e5;
                                                				_v48 = 0;
                                                				 *(_v4 + 0x74) = _v48 & 0x000000ff;
                                                				_v444 = 0;
                                                				if (( *(_v4 + 0x74) & 0x000000ff) == 0) goto 0x68df713d;
                                                				if ((_a4 & 0x00000080) == 0) goto 0x68df713d;
                                                				0x68de85b0();
                                                				_v444 = _v4;
                                                				if (( *(_v4 + 0x74) & 0x000000ff) == 0) goto 0x68df715c;
                                                				if (_v444 == 0) goto 0x68df73e4;
                                                				_v148 =  *((intOrPtr*)(_v4 + 0x90));
                                                				 *((long long*)(_v4 + 0x90)) = 0;
                                                				E00007FF67FF668DFF870( *(_v4 + 0x74) & 0x000000ff, _v148,  *((intOrPtr*)(_v4 + 0x78)));
                                                				r8d = 0x20;
                                                				VirtualProtect(??, ??, ??, ??);
                                                				 *0x68fc5720 = 0x7ff668ddd7f0;
                                                				E00007FF67FF668DE7240(0x7ff668ddd7f0, 0x68f61928, 0x68f618ec, _v148,  &_v420);
                                                				E00007FF67FF668DE6F40(8,  &_v420);
                                                				_v2612 = 0x7ff668ddd7f0;
                                                				if (_v2612 == 0) goto 0x68df727d;
                                                				_v2628 = 0;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				MapViewOfFile(??, ??, ??, ??, ??);
                                                				_v132 = 0x7ff668ddd7f0;
                                                				if (_v132 == 0) goto 0x68df7269;
                                                				 *_v132 =  *((intOrPtr*)(_v4 + 0x78));
                                                				UnmapViewOfFile(??);
                                                				goto 0x68df727d;
                                                				_t321 = CloseHandle(??);
                                                				_v2612 = 0;
                                                				if (_v2612 == 0) goto 0x68df7374;
                                                				0x68de8910();
                                                				if (_t321 == 0) goto 0x68df7374;
                                                				 *((char*)(_v4 + 0x75)) = 1;
                                                				if (( *(_v4 + 0x74) & 0x000000ff) == 0) goto 0x68df732b;
                                                				r8d = 0x10;
                                                				E00007FF67FF668DDD8D0("\"&g\nfg{199U",  &_v84);
                                                				r8d = 0;
                                                				E00007FF67FF668DDF640(E00007FF67FF668DDE210(_v48 & 0x000000ff, 0xf001f,  &_v124, _v4, _v148),  &_v124);
                                                				LoadLibraryW(??);
                                                				E00007FF67FF668DDE460( &_v124);
                                                				E00007FF67FF668DE8DD0( *((intOrPtr*)(_v4 + 0x78)), _v148);
                                                				goto 0x68df7346;
                                                				 *_a12 = _v148;
                                                				 *_a28 = 1;
                                                				 *_a20 = 0;
                                                				goto 0x68df73e2;
                                                				if (_v2612 == 0) goto 0x68df7390;
                                                				CloseHandle(??);
                                                				_v2612 = 0;
                                                				r8d = 0x8000;
                                                				VirtualFree(??, ??, ??);
                                                				if ( *_a20 != 0) goto 0x68df73c1;
                                                				 *_a20 = 0x770002;
                                                				_v68 = 0;
                                                				E00007FF67FF668DDE460( &_v484);
                                                				goto 0x68df7439;
                                                				goto 0x68df7413;
                                                				 *_a20 = 0x770002;
                                                				_v64 = 0;
                                                				E00007FF67FF668DDE460( &_v484);
                                                				goto 0x68df7439;
                                                				E00007FF67FF668DDE460( &_v484);
                                                				goto 0x68df7434;
                                                				 *_a20 = 0x770002;
                                                				goto 0x68df7439;
                                                				return 1;
                                                			}




















































                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Virtual$FreeHandle$CloseFileView$LibraryLoadModuleProtectUnmap
                                                • String ID: "&gfg{199U
                                                • API String ID: 2445965988-1540094513
                                                • Opcode ID: c3ed494d274b2613799ec10fabc4c91299fd789bd447dc3254c9c5065bc862bf
                                                • Instruction ID: f8766993ad3199a19eb797ad55c6944f52f958cf9ae64b395d1c20395b4901a0
                                                • Opcode Fuzzy Hash: c3ed494d274b2613799ec10fabc4c91299fd789bd447dc3254c9c5065bc862bf
                                                • Instruction Fuzzy Hash: 4342E622608BC5C1EA709B25E4547AEB7B0FBD5780F444232DA8D8BB99DF3CD588DB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Message$DialogWindow$Param$CreateDispatchShowTranslate
                                                • String ID: In DoGdprDialog parms:
                                                • API String ID: 767074583-2792051274
                                                • Opcode ID: 0f57f2d1f33f8e6e50f95e0b24fb9d48555e051e86ef7122bc2f637d319ff42f
                                                • Instruction ID: b85b120d8e0af2b2aee4465e24549a751ef85bcaf13ef4b2912124ee3de236c7
                                                • Opcode Fuzzy Hash: 0f57f2d1f33f8e6e50f95e0b24fb9d48555e051e86ef7122bc2f637d319ff42f
                                                • Instruction Fuzzy Hash: C531F531A18A46C2FB108B70E85476967B0BF94B89F444436E94DCB6A6DF3CE499C358
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CurrentErrorLastProcess$HandleHeapKernelObjectSecurity$AllocCloseDuplicateThread
                                                • String ID:
                                                • API String ID: 2493794345-0
                                                • Opcode ID: c45e12b5b1f0fd770187f633a19b43004ce41f43ad3487049510c4291f3ba162
                                                • Instruction ID: 2035bb5ed818272c98f013b10173c74158d783986f6324f21628b16c8b4b9046
                                                • Opcode Fuzzy Hash: c45e12b5b1f0fd770187f633a19b43004ce41f43ad3487049510c4291f3ba162
                                                • Instruction Fuzzy Hash: 0131B236608A81C6E7209BB5F44432EB7B0FBC5B94F500126EA8D87B69DFBDD448CB04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 40%
                                                			E00007FF67FF668DE49A0(void* __ecx, void* __edx, long long __rax, long long __rcx, void* __r8, long long _a8) {
                                                				signed long long _v24;
                                                				signed char _v32;
                                                				signed long long _v56;
                                                				signed long long _v64;
                                                				signed long long _v72;
                                                				signed long long _v80;
                                                				signed long long _v88;
                                                				signed long long _v96;
                                                				signed long long _v104;
                                                				signed long long _v112;
                                                				signed long long _v120;
                                                				signed long long _v128;
                                                				signed long long _v136;
                                                				signed long long _v144;
                                                				signed long long _v152;
                                                				signed long long _v160;
                                                				signed long long _v168;
                                                				signed long long _v176;
                                                				signed long long _v184;
                                                				signed int _v188;
                                                				long long _v224;
                                                				long long _v232;
                                                				intOrPtr _v240;
                                                				signed long long _v248;
                                                				signed long long _v256;
                                                				signed int _v264;
                                                				long long _v272;
                                                				signed int _v276;
                                                				signed int _v280;
                                                				void* _v288;
                                                				signed int _v296;
                                                				char _v304;
                                                				signed char _v308;
                                                				signed int _v312;
                                                				char _v320;
                                                				long _v328;
                                                				signed char _v336;
                                                				signed char _v344;
                                                				long long _v352;
                                                				long long _v360;
                                                				long long _v368;
                                                				signed char _v376;
                                                				intOrPtr _t250;
                                                				void* _t254;
                                                				void* _t255;
                                                				void* _t256;
                                                				intOrPtr _t271;
                                                				void* _t281;
                                                				void* _t285;
                                                				void* _t289;
                                                				intOrPtr* _t294;
                                                				intOrPtr* _t296;
                                                				intOrPtr* _t298;
                                                				intOrPtr* _t303;
                                                				void* _t312;
                                                				void* _t313;
                                                				void* _t314;
                                                				void* _t316;
                                                				void* _t317;
                                                
                                                				_a8 = __rcx;
                                                				if (E00007FF67FF668DD27D0(__ecx, __edx, __rax, __r8) != 0) goto 0x68de52f7;
                                                				_v328 = GetLastError();
                                                				if (_a8 == 0) goto 0x68de52eb;
                                                				if ( *0x68fc57e0 == 0) goto 0x68de49f8;
                                                				_t250 =  *0x68fc57e0; // 0x0
                                                				if (E00007FF67FF668DFE370(_t250) - 0x32 > 0) goto 0x68de49f8;
                                                				_v32 = 0;
                                                				goto 0x68de4a03;
                                                				_v32 = 1;
                                                				_v296 = _v32 & 0x000000ff;
                                                				_v288 = 0;
                                                				if ((_v296 & 0x000000ff) != 0) goto 0x68de4a64;
                                                				LocalAlloc(??, ??);
                                                				_v288 = __rax;
                                                				r8d = 0x104;
                                                				if (GetModuleFileNameW(??, ??, ??) != 0) goto 0x68de4a5a;
                                                				_v296 = 1;
                                                				goto 0x68de4a64;
                                                				E00007FF67FF668F1A6A0(__rax, _v288);
                                                				if ((_v296 & 0x000000ff) == 0) goto 0x68de4a79;
                                                				 *0x68fc57e0 = GetTickCount();
                                                				_v320 = 0;
                                                				_v312 = 0;
                                                				_v308 = 0;
                                                				_v304 = 0;
                                                				EnterCriticalSection(??);
                                                				_v276 = 0;
                                                				_v276 = _v276 + 1;
                                                				_t271 =  *0x68fc5798; // 0x2253dd5c6b0
                                                				_v240 =  *((intOrPtr*)(_t271 + 8));
                                                				if (_v276 - _v240 >= 0) goto 0x68de4c34;
                                                				_t294 =  *0x68fc5798; // 0x2253dd5c6b0
                                                				_v232 = _v276 * 0x248 +  *_t294;
                                                				if (E00007FF67FF668F18910(0x40, 0x20a, _v232 + 0x10, 0x68f5e20e) == 0) goto 0x68de4c2f;
                                                				_v272 = 0;
                                                				if ((_v296 & 0x000000ff) != 0) goto 0x68de4bd0;
                                                				_t296 =  *0x68fc5798; // 0x2253dd5c6b0
                                                				_v224 = _v276 * 0x248 +  *_t296;
                                                				_t281 = _v224 + 0x10;
                                                				E00007FF67FF668F1A380(_v296 & 0x000000ff, _t281);
                                                				LocalAlloc(??, ??);
                                                				_v272 = _t281 + _t281 + 2;
                                                				_t298 =  *0x68fc5798; // 0x2253dd5c6b0
                                                				_t285 =  *_t298 + 0x10 + _v276 * 0x248;
                                                				E00007FF67FF668DD5930(_t285, _v272);
                                                				E00007FF67FF668F1A6A0(_t285, _v272);
                                                				if ((_v296 & 0x000000ff) != 0) goto 0x68de4bf0;
                                                				E00007FF67FF668ED3000(_v296 & 0x000000ff, 0x40, _t289, _v288, _v272, _t312, _t313, _t314, _t316, _t317);
                                                				if (_t285 == 0) goto 0x68de4c16;
                                                				_t303 =  *0x68fc5798; // 0x2253dd5c6b0
                                                				E00007FF67FF668DE6370(_t254, _t255, _t256,  &_v320, _v276 * 0x248 +  *_t303);
                                                				if (_v272 == 0) goto 0x68de4c2f;
                                                				LocalFree(??);
                                                				goto L1;
                                                				__rcx = 0x68fc5768;
                                                				LeaveCriticalSection(??);
                                                				if (_v288 == 0) goto 0x68de4c54;
                                                				__rcx = _v288;
                                                				__eax = LocalFree(??);
                                                				_v280 = 0;
                                                				_v264 = 0;
                                                				_v264 = _v264 + 1;
                                                				_v264 = _v264 + 1;
                                                				__eax = _v312;
                                                				_v188 = _v312;
                                                				__eax = _v188;
                                                				if (_v264 - _v188 >= 0) goto 0x68de52d0;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v184 = _v320 + _v264 * 0x248;
                                                				_v184 = _v184 + 0x10;
                                                				__rdx = 0x68f5e20e;
                                                				__rcx = _v184 + 0x10;
                                                				if (E00007FF67FF668F18910(__ecx, __edx, _v184 + 0x10, 0x68f5e20e) == 0) goto 0x68de52cb;
                                                				_v264 = _v264 * 0x248;
                                                				__rcx = _v320;
                                                				if ( *((long long*)(_v320 + 0x228 + _v264 * 0x248)) == 0) goto 0x68de4e01;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v176 = _v320 + _v264 * 0x248;
                                                				__rax = _v176;
                                                				__rax =  *((intOrPtr*)(_v176 + 0x228));
                                                				__edx = 6;
                                                				__rcx =  *((intOrPtr*)(__rax + 0x30));
                                                				if (E00007FF67FF668DD54F0(__rax,  *((intOrPtr*)(__rax + 0x30)), 0x68f5e20e) != 0) goto 0x68de4e01;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v168 = _v320 + _v264 * 0x248;
                                                				_v168 =  *(_v168 + 0x228);
                                                				__rax =  *((intOrPtr*)( *(_v168 + 0x228) + 0x30));
                                                				_v264 = _v264 * 0x248;
                                                				__rdx = _v320;
                                                				__rcx =  *((intOrPtr*)(_v320 + 0x228 + _v264 * 0x248));
                                                				__ecx =  *(__rcx + 0x38);
                                                				if ( *((intOrPtr*)( *((intOrPtr*)( *(_v168 + 0x228) + 0x30)))) !=  *(__rcx + 0x38)) goto 0x68de4e01;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v160 = _v320 + _v264 * 0x248;
                                                				_v160 =  *(_v160 + 0x228);
                                                				__rax =  *((intOrPtr*)( *(_v160 + 0x228) + 0x30));
                                                				__eax =  *(__rax + 4) & 0x0000ffff;
                                                				_v264 = _v264 * 0x248;
                                                				__rdx = _v320;
                                                				__rcx =  *((intOrPtr*)(_v320 + 0x228 + _v264 * 0x248));
                                                				__ecx =  *(__rcx + 0x3c) & 0x0000ffff;
                                                				if (( *(__rax + 4) & 0x0000ffff) == ( *(__rcx + 0x3c) & 0x0000ffff)) goto 0x68de52cb;
                                                				__eax = _v280 & 0x000000ff;
                                                				if ((_v280 & 0x000000ff) != 0) goto 0x68de4e1a;
                                                				_v280 = 1;
                                                				__eax = E00007FF67FF668DE7C30();
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v152 = _v320 + _v264 * 0x248;
                                                				__rax = _v152;
                                                				__rax = _v152 + 0x10;
                                                				__rcx = __rax;
                                                				__eax = GetModuleHandleA(??);
                                                				_v248 = __rax;
                                                				_v264 = _v264 * 0x248;
                                                				__rcx = _v320;
                                                				if ( *((intOrPtr*)(_v320 + 0x218 + _v264 * 0x248)) == 0) goto 0x68de4ec6;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v144 = _v320 + _v264 * 0x248;
                                                				__rax = _v144;
                                                				__edx =  *(__rax + 0x218);
                                                				__rcx = _v248;
                                                				__eax = E00007FF67FF668DDC3C0( *(__rax + 0x218), __rax, _v248);
                                                				__rcx = __rax;
                                                				__eax = E00007FF67FF668DE8F60(__rax);
                                                				_v256 = __rax;
                                                				goto 0x68de4f1c;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v136 = _v320 + _v264 * 0x248;
                                                				__rax = _v136;
                                                				__rax = _v136 + 0x114;
                                                				r8d = 1;
                                                				__rdx = __rax;
                                                				__rcx = _v248;
                                                				0x68ddbfa0();
                                                				__rcx = __rax;
                                                				__eax = E00007FF67FF668DE8F60(__rax);
                                                				_v256 = __rax;
                                                				_v264 = _v264 * 0x248;
                                                				__rcx = _v320;
                                                				if ( *((long long*)(_v320 + 0x228 + _v264 * 0x248)) != 0) goto 0x68de4f46;
                                                				if (_v248 != 0) goto 0x68de4f93;
                                                				_v264 = _v264 * 0x248;
                                                				__rcx = _v320;
                                                				if ( *((long long*)(_v320 + 0x228 + _v264 * 0x248)) == 0) goto 0x68de5178;
                                                				_v264 = _v264 * 0x248;
                                                				__rcx = _v320;
                                                				__rdx = _v256;
                                                				if ( *((intOrPtr*)(_v320 + 0x220 + _v264 * 0x248)) == _v256) goto 0x68de5178;
                                                				_v264 = _v264 * 0x248;
                                                				r8d = 1;
                                                				__edx = 1;
                                                				__rcx = _v320;
                                                				__rcx =  *((intOrPtr*)(_v320 + 0x230 + _v264 * 0x248));
                                                				__eax = E00007FF67FF668DE43F0(1,  *((intOrPtr*)(_v320 + 0x230 + _v264 * 0x248)));
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v128 = _v320 + _v264 * 0x248;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v120 = _v320 + _v264 * 0x248;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v112 = _v320 + _v264 * 0x248;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v104 = _v320 + _v264 * 0x248;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v96 = _v320 + _v264 * 0x248;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v88 = _v320 + _v264 * 0x248;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v80 = _v320 + _v264 * 0x248;
                                                				_v88 = _v88 + 0x114;
                                                				_v80 = _v80 + 0x10;
                                                				_v264 = _v264 * 0x248;
                                                				_v24 = _v264 * 0x248;
                                                				__r8 = _v128;
                                                				r8d =  *(_v128 + 0x244);
                                                				_v336 = r8d;
                                                				__r8 = _v120;
                                                				r8d =  *(_v120 + 0x240);
                                                				_v344 = r8d;
                                                				_v112 =  *(_v112 + 0x230);
                                                				_v352 =  *(_v112 + 0x230);
                                                				_v104 =  *(_v104 + 0x238);
                                                				_v360 =  *(_v104 + 0x238);
                                                				__r8 = _v256;
                                                				_v368 = _v256;
                                                				__r8 = _v96;
                                                				r8d =  *(_v96 + 0x218);
                                                				_v376 = r8d;
                                                				__r9 = _v88 + 0x114;
                                                				__r8 = _v80 + 0x10;
                                                				__rdx = _v248;
                                                				__rax = _v320;
                                                				__rcx = _v24;
                                                				__rcx =  *((intOrPtr*)(__rax + _v24));
                                                				__eax = E00007FF67FF668DE3D70(__rax,  *((intOrPtr*)(__rax + _v24)), __rdx, _v80 + 0x10, _v88 + 0x114);
                                                				goto 0x68de52cb;
                                                				__rax = _v264;
                                                				__rax = _v264 * 0x248;
                                                				__rcx = _v320;
                                                				if ( *((long long*)(_v320 + __rax + 0x228)) == 0) goto 0x68de52cb;
                                                				__ecx = 9;
                                                				E00007FF67FF668DDBCC0();
                                                				if (__rax != 0) goto 0x68de52aa;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v72 = _v320 + _v264 * 0x248;
                                                				__rax = _v72;
                                                				__rax =  *((intOrPtr*)(_v72 + 0x228));
                                                				__edx = 6;
                                                				__rcx =  *((intOrPtr*)(__rax + 0x30));
                                                				if (E00007FF67FF668DD54F0(__rax,  *((intOrPtr*)(__rax + 0x30)), __rdx) != 0) goto 0x68de52cb;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v64 = _v320 + _v264 * 0x248;
                                                				_v64 =  *(_v64 + 0x228);
                                                				__rax =  *((intOrPtr*)( *(_v64 + 0x228) + 0x30));
                                                				_v264 = _v264 * 0x248;
                                                				__rdx = _v320;
                                                				__rcx =  *((intOrPtr*)(_v320 + 0x228 + _v264 * 0x248));
                                                				__ecx =  *(__rcx + 0x3e);
                                                				if ( *((intOrPtr*)( *((intOrPtr*)( *(_v64 + 0x228) + 0x30)))) !=  *(__rcx + 0x3e)) goto 0x68de52cb;
                                                				_v264 = _v264 * 0x248;
                                                				_v320 = _v320 + _v264 * 0x248;
                                                				__rax = _v320 + _v264 * 0x248;
                                                				_v56 = _v320 + _v264 * 0x248;
                                                				_v56 =  *(_v56 + 0x228);
                                                				__rax =  *((intOrPtr*)( *(_v56 + 0x228) + 0x30));
                                                				__eax =  *(__rax + 4) & 0x0000ffff;
                                                				_v264 = _v264 * 0x248;
                                                				__rdx = _v320;
                                                				__rcx =  *((intOrPtr*)(_v320 + 0x228 + _v264 * 0x248));
                                                				__ecx =  *(__rcx + 0x42) & 0x0000ffff;
                                                				if (( *(__rax + 4) & 0x0000ffff) != ( *(__rcx + 0x42) & 0x0000ffff)) goto 0x68de52cb;
                                                				__rax = _v264;
                                                				__rax = _v264 * 0x248;
                                                				__rcx = _v320;
                                                				__rcx =  *((intOrPtr*)(_v320 + __rax + 0x230));
                                                				__eax = E00007FF67FF668DE3B00(__rax,  *((intOrPtr*)(_v320 + __rax + 0x230)));
                                                				goto L2;
                                                				__eax = _v280 & 0x000000ff;
                                                				if ((_v280 & 0x000000ff) == 0) goto 0x68de52e1;
                                                				__eax = E00007FF67FF668DE7C50();
                                                				__rcx =  &_v320;
                                                				__eax = E00007FF67FF668DE65B0( &_v320);
                                                				__ecx = _v328;
                                                				SetLastError(??);
                                                				goto 0x68de52f7;
                                                				return __eax;
                                                			}






























































                                                0x7ff668de4ded
                                                0x7ff668de4df5
                                                0x7ff668de4dfb
                                                0x7ff668de4e01
                                                0x7ff668de4e0b
                                                0x7ff668de4e0d
                                                0x7ff668de4e15
                                                0x7ff668de4e22
                                                0x7ff668de4e2e
                                                0x7ff668de4e31
                                                0x7ff668de4e34
                                                0x7ff668de4e3c
                                                0x7ff668de4e44
                                                0x7ff668de4e48
                                                0x7ff668de4e4b
                                                0x7ff668de4e51
                                                0x7ff668de4e61
                                                0x7ff668de4e68
                                                0x7ff668de4e75
                                                0x7ff668de4e7f
                                                0x7ff668de4e8b
                                                0x7ff668de4e8e
                                                0x7ff668de4e91
                                                0x7ff668de4e99
                                                0x7ff668de4ea1
                                                0x7ff668de4ea7
                                                0x7ff668de4eaf
                                                0x7ff668de4eb4
                                                0x7ff668de4eb7
                                                0x7ff668de4ebc
                                                0x7ff668de4ec4
                                                0x7ff668de4ece
                                                0x7ff668de4eda
                                                0x7ff668de4edd
                                                0x7ff668de4ee0
                                                0x7ff668de4ee8
                                                0x7ff668de4ef0
                                                0x7ff668de4ef6
                                                0x7ff668de4efc
                                                0x7ff668de4eff
                                                0x7ff668de4f07
                                                0x7ff668de4f0c
                                                0x7ff668de4f0f
                                                0x7ff668de4f14
                                                0x7ff668de4f24
                                                0x7ff668de4f2b
                                                0x7ff668de4f39
                                                0x7ff668de4f44
                                                0x7ff668de4f4e
                                                0x7ff668de4f55
                                                0x7ff668de4f63
                                                0x7ff668de4f71
                                                0x7ff668de4f78
                                                0x7ff668de4f7d
                                                0x7ff668de4f8d
                                                0x7ff668de4f9b
                                                0x7ff668de4fa2
                                                0x7ff668de4fa8
                                                0x7ff668de4fad
                                                0x7ff668de4fb2
                                                0x7ff668de4fba
                                                0x7ff668de4fc7
                                                0x7ff668de4fd3
                                                0x7ff668de4fd6
                                                0x7ff668de4fd9
                                                0x7ff668de4fe9
                                                0x7ff668de4ff5
                                                0x7ff668de4ff8
                                                0x7ff668de4ffb
                                                0x7ff668de500b
                                                0x7ff668de5017
                                                0x7ff668de501a
                                                0x7ff668de501d
                                                0x7ff668de502d
                                                0x7ff668de5039
                                                0x7ff668de503c
                                                0x7ff668de503f
                                                0x7ff668de504f
                                                0x7ff668de505b
                                                0x7ff668de505e
                                                0x7ff668de5061
                                                0x7ff668de5071
                                                0x7ff668de507d
                                                0x7ff668de5080
                                                0x7ff668de5083
                                                0x7ff668de5093
                                                0x7ff668de509f
                                                0x7ff668de50a2
                                                0x7ff668de50a5
                                                0x7ff668de50b5
                                                0x7ff668de50c3
                                                0x7ff668de50cf
                                                0x7ff668de50d6
                                                0x7ff668de50de
                                                0x7ff668de50e6
                                                0x7ff668de50ed
                                                0x7ff668de50f2
                                                0x7ff668de50fa
                                                0x7ff668de5101
                                                0x7ff668de510e
                                                0x7ff668de5115
                                                0x7ff668de5122
                                                0x7ff668de5129
                                                0x7ff668de512e
                                                0x7ff668de5136
                                                0x7ff668de513b
                                                0x7ff668de5143
                                                0x7ff668de514a
                                                0x7ff668de514f
                                                0x7ff668de5152
                                                0x7ff668de5155
                                                0x7ff668de515d
                                                0x7ff668de5162
                                                0x7ff668de516a
                                                0x7ff668de516e
                                                0x7ff668de5173
                                                0x7ff668de5178
                                                0x7ff668de5180
                                                0x7ff668de5187
                                                0x7ff668de5195
                                                0x7ff668de519b
                                                0x7ff668de51a0
                                                0x7ff668de51a8
                                                0x7ff668de51b6
                                                0x7ff668de51c2
                                                0x7ff668de51c5
                                                0x7ff668de51c8
                                                0x7ff668de51d0
                                                0x7ff668de51d8
                                                0x7ff668de51df
                                                0x7ff668de51e4
                                                0x7ff668de51ef
                                                0x7ff668de51fd
                                                0x7ff668de5209
                                                0x7ff668de520c
                                                0x7ff668de520f
                                                0x7ff668de521f
                                                0x7ff668de5226
                                                0x7ff668de5232
                                                0x7ff668de5239
                                                0x7ff668de523e
                                                0x7ff668de5246
                                                0x7ff668de524b
                                                0x7ff668de5255
                                                0x7ff668de5261
                                                0x7ff668de5264
                                                0x7ff668de5267
                                                0x7ff668de5277
                                                0x7ff668de527e
                                                0x7ff668de5282
                                                0x7ff668de528e
                                                0x7ff668de5295
                                                0x7ff668de529a
                                                0x7ff668de52a2
                                                0x7ff668de52a8
                                                0x7ff668de52aa
                                                0x7ff668de52b2
                                                0x7ff668de52b9
                                                0x7ff668de52be
                                                0x7ff668de52c6
                                                0x7ff668de52cb
                                                0x7ff668de52d0
                                                0x7ff668de52da
                                                0x7ff668de52dc
                                                0x7ff668de52e1
                                                0x7ff668de52e6
                                                0x7ff668de52eb
                                                0x7ff668de52ef
                                                0x7ff668de52f5
                                                0x7ff668de52fe

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Local$AllocCountErrorLastTick$CriticalCurrentEnterFileFreeModuleNameProcessSection
                                                • String ID:
                                                • API String ID: 1060730505-0
                                                • Opcode ID: b46b0dd7738f7db8a3552cd9957f7f4892da7fe869cf96abf135ad112df4d4ba
                                                • Instruction ID: c89ff9b78a98ef52297e0d117209bdd24da126076004544ff47a6507cdde7a0c
                                                • Opcode Fuzzy Hash: b46b0dd7738f7db8a3552cd9957f7f4892da7fe869cf96abf135ad112df4d4ba
                                                • Instruction Fuzzy Hash: AA32FA32609BC1C5EBB08B65E4953AEA7B0FBD4B94F404136DA8D8BBA5DF3CD0548B14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 17%
                                                			E00007FF67FF668E0398E(void* __eax, void* __ebx, intOrPtr __esi, long long __rbx, long long __rdi, long long __rsi, void* __r9, void* __r12, long long __r13, void* __r15) {
                                                				void* _t105;
                                                				signed int _t118;
                                                				signed int _t120;
                                                				intOrPtr _t124;
                                                				void* _t131;
                                                				signed int _t132;
                                                				intOrPtr _t142;
                                                				void* _t147;
                                                				signed char* _t172;
                                                				long long _t178;
                                                				void* _t185;
                                                				void* _t196;
                                                				void* _t205;
                                                				void* _t209;
                                                				void* _t212;
                                                				void* _t226;
                                                				signed short* _t232;
                                                				signed short* _t234;
                                                				void* _t241;
                                                				long long _t243;
                                                				void* _t245;
                                                				signed long long _t247;
                                                				void* _t249;
                                                				void* _t262;
                                                				void* _t269;
                                                				long long _t271;
                                                				void* _t273;
                                                
                                                				_t271 = __r13;
                                                				_t269 = __r12;
                                                				_t262 = __r9;
                                                				_t243 = __rsi;
                                                				_t142 = __esi;
                                                				_t131 = __ebx;
                                                				if (__eax == 0) goto 0x68e039a4;
                                                				E00007FF67FF668E19370( *((intOrPtr*)(_t247 + 0x40)), _t226);
                                                				goto 0x68e03db4;
                                                				 *((long long*)(_t247 + 0x3670)) = __rbx;
                                                				 *((long long*)(_t247 + 0x3668)) = __rdi;
                                                				r8d = 0x2328;
                                                				_t185 =  ==  ? "moz_cookies" : "cookies";
                                                				_t169 =  ==  ? "host" : "host_key";
                                                				 *((long long*)(_t247 + 0x58)) =  ==  ? "host" : "host_key";
                                                				_t241 =  ==  ? "expiry" : "expires_utc";
                                                				E00007FF67FF668ED1330(__rsi + 7, 0, _t245 - 0x80, _t226, _t249);
                                                				_t105 = E00007FF67FF668E003A0(__ebx, "expiry", _t245 + 0x2340, "SELECT tbl_name FROM sqlite_master WHERE type=\'table\' AND name=\'%s\';", _t185, _t262);
                                                				r8d = 0xfff;
                                                				E00007FF67FF668ED1330(_t105, 0, _t245 + 0x2550, "SELECT tbl_name FROM sqlite_master WHERE type=\'table\' AND name=\'%s\';", _t185);
                                                				 *((long long*)(_t247 + 0x20)) = _t247 + 0x40;
                                                				_t147 = E00007FF67FF668E18220( *((intOrPtr*)(_t247 + 0x48)), _t245 + 0x2340, __rsi, _t245, E00007FF67FF668E03DE0, _t245 + 0x2550, __r12, __r13, _t273);
                                                				if (_t147 != 0) goto 0x68e03d8b;
                                                				_t172 = _t245 + 0x2550;
                                                				_t132 = _t172[_t185 - _t172] & 0x000000ff;
                                                				if (_t147 != 0) goto 0x68e03a83;
                                                				if (_t132 != 0) goto 0x68e03a70;
                                                				if (( *_t172 & 0x000000ff) - _t132 != 0) goto 0x68e03d8b;
                                                				 *((long long*)(_t247 + 0x30)) =  *((intOrPtr*)(_t247 + 0x58));
                                                				 *((long long*)(_t247 + 0x28)) =  *((intOrPtr*)(_t247 + 0x68));
                                                				 *((long long*)(_t247 + 0x20)) = _t271;
                                                				E00007FF67FF668E02E00(( *_t172 & 0x000000ff) - _t132, _t245 + 0x2340, "length(encrypted_value)", _t185, _t269);
                                                				_t196 = _t245 + 0x2340 - 1;
                                                				asm("o16 nop [eax+eax]");
                                                				if ( *((intOrPtr*)(_t196 + 1)) != sil) goto 0x68e03ad0;
                                                				 *((short*)(_t196 + 1)) = ";" & 0x0000ffff;
                                                				 *((long long*)(_t247 + 0x20)) = _t247 + 0x40;
                                                				 *((intOrPtr*)(_t247 + 0x50)) = _t142;
                                                				if (E00007FF67FF668E18220( *((intOrPtr*)(_t247 + 0x48)), _t245 + 0x2340, _t243, _t245, 0x7ff668e02fc0, _t247 + 0x50, _t269, _t271, _t273) == 0) goto 0x68e03b1f;
                                                				E00007FF67FF668E19370( *((intOrPtr*)(_t247 + 0x40)), _t245 + 0x2340);
                                                				goto 0x68e03b30;
                                                				 *((intOrPtr*)(_t245 + 0x22a0)) =  *((intOrPtr*)(_t247 + 0x50));
                                                				 *((char*)(_t245 + 0x129b)) = 1;
                                                				 *((long long*)(_t247 + 0x30)) =  *((intOrPtr*)(_t247 + 0x58));
                                                				_t178 =  *((intOrPtr*)(_t247 + 0x68));
                                                				 *((long long*)(_t247 + 0x28)) = _t178;
                                                				 *((long long*)(_t247 + 0x20)) = _t271;
                                                				E00007FF67FF668EFA928(E00007FF67FF668E02E00(E00007FF67FF668E18220( *((intOrPtr*)(_t247 + 0x48)), _t245 + 0x2340, _t243, _t245, 0x7ff668e02fc0, _t247 + 0x50, _t269, _t271, _t273), _t245 + 0x2340, "*", _t185, _t269), _t245 + 0x2340, "*");
                                                				 *((long long*)(_t247 + 0x78)) = _t178;
                                                				E00007FF67FF668EFA584(E00007FF67FF668EF9D3C(_t178, _t185, _t247 + 0x78, _t243), _t178, "*");
                                                				if (r14d != 3) goto 0x68e03be2;
                                                				r9d = _t131;
                                                				_t232 = " AND %s>%ld";
                                                				E00007FF67FF668E003A0(_t131, _t178, _t245 + 0x22b0, _t232, _t241, _t269);
                                                				_t205 = _t245 + 0x2340 - 1;
                                                				if ( *((intOrPtr*)(_t205 + 1)) != sil) goto 0x68e03bb0;
                                                				asm("o16 nop [eax+eax]");
                                                				_t118 =  *(_t245 + 0x22b0 + _t232) & 0x000000ff;
                                                				 *(_t205 + 1 + _t232) = _t118;
                                                				if (_t118 != 0) goto 0x68e03bd0;
                                                				goto 0x68e03c50;
                                                				if (r14d != 5) goto 0x68e03c50;
                                                				if ( *((intOrPtr*)(_t245 + 0x129b)) != sil) goto 0x68e03c50;
                                                				r9d = _t131;
                                                				_t234 = " AND (%s/1000000)>%llu";
                                                				E00007FF67FF668E003A0(_t131, 0xb6109100, _t245 + 0x22b0, _t234, _t241, _t269 + 0xb6109100);
                                                				_t209 = _t245 + 0x2340 - 1;
                                                				if ( *((intOrPtr*)(_t209 + 1)) != sil) goto 0x68e03c21;
                                                				_t120 =  *(_t245 + 0x22b0 + _t234) & 0x000000ff;
                                                				 *(_t209 + 1 + _t234) = _t120;
                                                				if (_t120 != 0) goto 0x68e03c40;
                                                				_t212 = _t245 + 0x2340 - 1;
                                                				asm("o16 nop [eax+eax]");
                                                				if ( *((intOrPtr*)(_t212 + 1)) != sil) goto 0x68e03c60;
                                                				 *((short*)(_t212 + 1)) = ";" & 0x0000ffff;
                                                				 *((long long*)(_t247 + 0x20)) = _t247 + 0x40;
                                                				if (E00007FF67FF668E18220( *((intOrPtr*)(_t247 + 0x48)), _t245 + 0x2340, _t243, _t245, 0x7ff668e03560, _t245 - 0x80, _t269, _t271, _t273) == 0) goto 0x68e03cb2;
                                                				E00007FF67FF668E19370( *((intOrPtr*)(_t247 + 0x40)), _t245 + 0x2340);
                                                				goto 0x68e03d73;
                                                				if ( *((intOrPtr*)(_t245 + 0x22a4)) == sil) goto 0x68e03cda;
                                                				if ( *((intOrPtr*)(_t245 + 0x129b)) == sil) goto 0x68e03d4e;
                                                				if ( *((intOrPtr*)(_t245 + 0x129c)) == sil) goto 0x68e03ce4;
                                                				if ( *((intOrPtr*)(_t245 + 0x1288)) - _t178 > 0) goto 0x68e03ce4;
                                                				goto 0x68e03d73;
                                                				_t124 =  *((intOrPtr*)(_t245 + 0x22a0));
                                                				 *((intOrPtr*)(_t247 + 0x68)) = _t124;
                                                				r9d = 0;
                                                				r8d = 0;
                                                				 *((long long*)(_t247 + 0x70)) = _t245 + 0x129e;
                                                				 *((long long*)(_t247 + 0x30)) = _t247 + 0x58;
                                                				 *((intOrPtr*)(_t247 + 0x28)) = 4;
                                                				 *((long long*)(_t247 + 0x20)) = _t243;
                                                				0x68e99a97();
                                                				if (_t124 == 0) goto 0x68e03cda;
                                                				r8d =  *((intOrPtr*)(_t247 + 0x58));
                                                				0x68ed0c80();
                                                				 *((intOrPtr*)(_t245 + _t241 + 0x80)) = sil;
                                                				LocalFree(??);
                                                				r8d = 0x2328;
                                                				0x68ed0c80();
                                                				 *((intOrPtr*)(__r15 + 0x3320)) = r14d;
                                                				 *((char*)(__r15 + 0x200a)) = 1;
                                                				E00007FF67FF668E19370( *((intOrPtr*)(_t247 + 0x40)), _t245 - 0x80);
                                                				0x68e18200();
                                                				goto 0x68e03da4;
                                                				E00007FF67FF668E19370( *((intOrPtr*)(_t247 + 0x40)), _t245 - 0x80);
                                                				0x68e18200();
                                                				return E00007FF67FF668E9D970(0xb, 0,  *(_t245 + 0x3550) ^ _t247);
                                                			}






























                                                0x7ff668e03cfd
                                                0x7ff668e03d00
                                                0x7ff668e03d0c
                                                0x7ff668e03d11
                                                0x7ff668e03d15
                                                0x7ff668e03d1a
                                                0x7ff668e03d21
                                                0x7ff668e03d33
                                                0x7ff668e03d36
                                                0x7ff668e03d40
                                                0x7ff668e03d48
                                                0x7ff668e03d55
                                                0x7ff668e03d5f
                                                0x7ff668e03d64
                                                0x7ff668e03d6b
                                                0x7ff668e03d78
                                                0x7ff668e03d82
                                                0x7ff668e03d89
                                                0x7ff668e03d90
                                                0x7ff668e03d9a
                                                0x7ff668e03dd4

                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: AND %s>%ld$ AND (%s/1000000)>%llu$SELECT tbl_name FROM sqlite_master WHERE type='table' AND name='%s';$cookies$expires_utc$expiry$host$host_key$length(encrypted_value)$moz_cookies
                                                • API String ID: 0-2568350271
                                                • Opcode ID: af0899d9441ef024f70a8ee88a98aca3d564a571c2b7fd9a695c4cd3f5fe2d6e
                                                • Instruction ID: e4051c8044fee0a41ff87ff45ad234c8e29110563886e357461307336f55c3e8
                                                • Opcode Fuzzy Hash: af0899d9441ef024f70a8ee88a98aca3d564a571c2b7fd9a695c4cd3f5fe2d6e
                                                • Instruction Fuzzy Hash: 2DC14D26608A82D5EB21DB35E4405FA7770FF85788F844032EA8D8BA65EF3CD219C754
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CurrentProcess$Handle$Duplicate$Close
                                                • String ID:
                                                • API String ID: 2460367780-0
                                                • Opcode ID: b5d292041eca0bee1ce46d0c2a42f9fe54d896c12bfaf88fea5dff9cfbc56abf
                                                • Instruction ID: 58481cfbfec040aca24b1493e11404531c793377cf276166d7421ab4b91e9d33
                                                • Opcode Fuzzy Hash: b5d292041eca0bee1ce46d0c2a42f9fe54d896c12bfaf88fea5dff9cfbc56abf
                                                • Instruction Fuzzy Hash: 1051B632508A81C6E7209B75E4543AAB7B0FBC8794F504135DA8E8BA59DF7DD448CF14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: 89110c00e7cd7367e13821fb7d7f2099c5ead7e34f59d31d175945a8154086b1
                                                • Instruction ID: 5a32be2d295ab14705f4c855020c348a2c15503b8defa45aa7011e8f041dd669
                                                • Opcode Fuzzy Hash: 89110c00e7cd7367e13821fb7d7f2099c5ead7e34f59d31d175945a8154086b1
                                                • Instruction Fuzzy Hash: 28F1E672609BC1C5EB718B25E4903AAA770FBD8B80F400136DA8E9BBA5DF3CD545CB44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$Process$MemoryVirtual$AllocCloseCodeCurrentExitHandleLocalObjectProtectQueryReadSingleThreadWaitWrite
                                                • String ID:
                                                • API String ID: 2977805236-0
                                                • Opcode ID: 213d4f35a3f4505a2870d8b51e55cb94ae49629f6694fca02e96142a9040f9fa
                                                • Instruction ID: 64feb8c44502acd2cb98c8e4129786dd7e4ff684de73c2593b7659e7a7654a12
                                                • Opcode Fuzzy Hash: 213d4f35a3f4505a2870d8b51e55cb94ae49629f6694fca02e96142a9040f9fa
                                                • Instruction Fuzzy Hash: A451143260CA85C6E6709B75E4447AEB3B1FB85794F504225EA8D87AA9CF7CD448CF04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CurrentProcessVirtuallstrlen$AllocDuplicateFreeHandle
                                                • String ID: Section
                                                • API String ID: 3115487881-3805168499
                                                • Opcode ID: 90e375918e7aa71b43895f2c80f54c8eb48982dd9c9817460e3dd9ec42d4be76
                                                • Instruction ID: 6be21625df619fdff8b6ae3c9bf4b12ede530d73806514be814f2a402f2ca43a
                                                • Opcode Fuzzy Hash: 90e375918e7aa71b43895f2c80f54c8eb48982dd9c9817460e3dd9ec42d4be76
                                                • Instruction Fuzzy Hash: 5351B47160CAC1C6E7709B35F8483AAA7B0FB89B84F404535DA8D8BA99DF7DD448CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 15%
                                                			E00007FF67FF668DFAB52(void* __ebx, void* __ecx, intOrPtr* __rax, void* __rbx, intOrPtr* __rdi) {
                                                				signed char _t329;
                                                				void* _t334;
                                                				void* _t359;
                                                				void* _t369;
                                                				void* _t384;
                                                				void* _t388;
                                                				void* _t389;
                                                				void* _t396;
                                                				void* _t406;
                                                				int _t411;
                                                				void* _t414;
                                                				long _t445;
                                                				long long _t558;
                                                				intOrPtr* _t570;
                                                				signed int _t572;
                                                				signed long long _t582;
                                                				signed long long _t583;
                                                				intOrPtr* _t585;
                                                				signed long long _t641;
                                                				void* _t693;
                                                				void* _t694;
                                                				signed long long _t698;
                                                
                                                				_t570 = __rax;
                                                				0x8d643458();
                                                				_t329 =  *0x83000001 & 0x000000a0;
                                                				 *__rax =  *__rax + _t329;
                                                				 *((intOrPtr*)(__rbx + 0x1a024bc)) =  *((intOrPtr*)(__rbx + 0x1a024bc)) + _t329;
                                                				 *__rax =  *__rax + _t329;
                                                				 *__rdi =  *__rdi + __ecx;
                                                				 *((intOrPtr*)(_t693 + 8)) = gs;
                                                				 *__rax =  *__rax + _t329;
                                                				 *(_t694 + 0x1a4) = 1;
                                                				if (( *(_t694 + 0x1a4) & 0x000000ff) == 0) goto 0x68dfac1d;
                                                				if ( *((long long*)(_t694 + 0x88)) == 0) goto 0x68dfac1d;
                                                				 *(_t694 + 0x1a8) = 0;
                                                				goto 0x68dfabbd;
                                                				 *(_t694 + 0x1a8) =  *(_t694 + 0x1a8) + 1;
                                                				if ( *(_t694 + 0x1a8) - E00007FF67FF668DD69F0( *((intOrPtr*)(_t694 + 0x88))) >= 0) goto 0x68dfac1d;
                                                				_t334 = E00007FF67FF668DD6A10(_t333,  *(_t694 + 0x1a8),  *((intOrPtr*)(_t694 + 0x88)));
                                                				 *((long long*)(_t694 + 0x280)) = _t570;
                                                				E00007FF67FF668DD6A10(_t334,  *((intOrPtr*)(_t694 + 0x1a0)),  *((intOrPtr*)(_t694 + 0x190)));
                                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t694 + 0x280)))) !=  *_t570) goto 0x68dfac1b;
                                                				 *(_t694 + 0x1a4) = 0;
                                                				goto 0x68dfac1d;
                                                				goto 0x68dfabac;
                                                				if ( *((long long*)(_t694 + 0x328)) == 0) goto 0x68dfacb9;
                                                				 *(_t694 + 0x1ac) = 0;
                                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t694 + 0x328)) +  *(_t694 + 0x1ac) * 4)) == 0) goto 0x68dfac9b;
                                                				_t572 =  *(_t694 + 0x1ac);
                                                				 *(_t694 + 0x288) = _t572;
                                                				E00007FF67FF668DD6A10( *_t570,  *((intOrPtr*)(_t694 + 0x1a0)),  *((intOrPtr*)(_t694 + 0x190)));
                                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t694 + 0x328)) +  *(_t694 + 0x288) * 4)) ==  *_t572) goto 0x68dfac9b;
                                                				 *(_t694 + 0x1ac) =  *(_t694 + 0x1ac) + 1;
                                                				goto 0x68dfac37;
                                                				_t573 =  *(_t694 + 0x1ac);
                                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t694 + 0x328)) +  *(_t694 + 0x1ac) * 4)) == 0) goto 0x68dfacb9;
                                                				 *(_t694 + 0x1a4) = 0;
                                                				if (( *(_t694 + 0x1a4) & 0x000000ff) == 0) goto 0x68dfb3e4;
                                                				E00007FF67FF668DD6A10( *(_t694 + 0x1a4) & 0x000000ff,  *((intOrPtr*)(_t694 + 0x1a0)),  *((intOrPtr*)(_t694 + 0x190)));
                                                				E00007FF67FF668DD6A10(E00007FF67FF668F1A6A0( *(_t694 + 0x1ac),  *((intOrPtr*)( *(_t694 + 0x1ac) + 8))),  *((intOrPtr*)(_t694 + 0x1a0)),  *((intOrPtr*)(_t694 + 0x190)));
                                                				 *(_t694 + 0x20) = _t694 + 0x1b8;
                                                				if ((E00007FF67FF668DFA200( *((intOrPtr*)( *(_t694 + 0x1ac) + 8)), _t694 + 0x1b0, _t694 + 0x1c0, _t694 + 0x1bc) & 0x000000ff) != 0) goto 0x68dfada6;
                                                				if (( *(_t694 + 0xb0) & 0x000000ff) == 0) goto 0x68dfada6;
                                                				E00007FF67FF668DD6A10( *(_t694 + 0xb0) & 0x000000ff,  *((intOrPtr*)(_t694 + 0x1a0)),  *((intOrPtr*)(_t694 + 0x190)));
                                                				r8w = 0x8000;
                                                				if (E00007FF67FF668DD6190( *( *(_t694 + 0x1ac)),  *((intOrPtr*)(_t694 + 0xe8))) == 0) goto 0x68dfada6;
                                                				E00007FF67FF668F1A6A0(_t573,  *((intOrPtr*)(_t694 + 0xe8)));
                                                				 *(_t694 + 0x20) = _t694 + 0x1b8;
                                                				E00007FF67FF668DFA200( *((intOrPtr*)(_t694 + 0xe8)), _t694 + 0x1b0, _t694 + 0x1c0, _t694 + 0x1bc);
                                                				if ( *(_t694 + 0x118) == 0) goto 0x68dfae1f;
                                                				 *((long long*)(_t694 + 0x40)) =  *((intOrPtr*)(_t694 + 0xd8));
                                                				 *((long long*)(_t694 + 0x38)) =  *((intOrPtr*)(_t694 + 0x160));
                                                				 *((long long*)(_t694 + 0x30)) =  *((intOrPtr*)(_t694 + 0x130));
                                                				 *(_t694 + 0x28) =  *((intOrPtr*)(_t694 + 0x158));
                                                				 *(_t694 + 0x20) =  *(_t694 + 0x118);
                                                				r9d =  *((intOrPtr*)(_t694 + 0x1b8));
                                                				r8d =  *(_t694 + 0x1bc);
                                                				if ((E00007FF67FF668DFA4E0( *((intOrPtr*)(_t694 + 0x1b0)),  *((intOrPtr*)(_t694 + 0x1c0))) & 0x000000ff) == 0) goto 0x68dfb3e4;
                                                				 *((long long*)(_t694 + 0x40)) =  *((intOrPtr*)(_t694 + 0xa0));
                                                				 *((long long*)(_t694 + 0x38)) =  *((intOrPtr*)(_t694 + 0xa8));
                                                				 *((long long*)(_t694 + 0x30)) =  *((intOrPtr*)(_t694 + 0xe0));
                                                				_t582 =  *((intOrPtr*)(_t694 + 0x100));
                                                				 *(_t694 + 0x28) = _t582;
                                                				 *(_t694 + 0x20) =  *(_t694 + 0x90);
                                                				r9d =  *((intOrPtr*)(_t694 + 0x1b8));
                                                				r8d =  *(_t694 + 0x1bc);
                                                				if ((E00007FF67FF668DFA4E0( *((intOrPtr*)(_t694 + 0x1b0)),  *((intOrPtr*)(_t694 + 0x1c0))) & 0x000000ff) != 0) goto 0x68dfb3e4;
                                                				 *(_t694 + 0x10c) = 0;
                                                				E00007FF67FF668DD6A10(E00007FF67FF668DFA4E0( *((intOrPtr*)(_t694 + 0x1b0)),  *((intOrPtr*)(_t694 + 0x1c0))) & 0x000000ff,  *((intOrPtr*)(_t694 + 0x1a0)),  *((intOrPtr*)(_t694 + 0x190)));
                                                				r8d =  *_t582;
                                                				_t359 = OpenProcess(??, ??, ??);
                                                				 *(_t694 + 0x1c8) = _t582;
                                                				if ( *(_t694 + 0x1c8) == 0) goto 0x68dfb3a4;
                                                				0x68dd5470();
                                                				 *(_t694 + 0x1d0) = _t359;
                                                				if ( *((intOrPtr*)(_t694 + 0x50)) !=  *(_t694 + 0x1d0)) goto 0x68dfb394;
                                                				if (E00007FF67FF668DD25F0( *(_t694 + 0x1c8)) == 0) goto 0x68dfaf14;
                                                				 *(_t694 + 0x290) = 1;
                                                				goto 0x68dfaf1f;
                                                				 *(_t694 + 0x290) = 0;
                                                				 *(_t694 + 0x1d4) =  *(_t694 + 0x290) & 0x000000ff;
                                                				if (( *(_t694 + 0x310) & 0x00000001) != 0) goto 0x68dfaf4c;
                                                				if (( *(_t694 + 0x1d4) & 0x000000ff) != 0) goto 0x68dfb394;
                                                				if (( *(_t694 + 0x310) & 0x00000004) != 0) goto 0x68dfaf6f;
                                                				if (E00007FF67FF668DD28F0(_t582,  *(_t694 + 0x1c8)) != 0) goto 0x68dfb394;
                                                				if ( *(_t694 + 0x308) == 0xffffffff) goto 0x68dfafc7;
                                                				_t369 = E00007FF67FF668DD6A10(_t368,  *((intOrPtr*)(_t694 + 0x1a0)),  *((intOrPtr*)(_t694 + 0x190)));
                                                				if ( *((intOrPtr*)(_t582 + 0x10)) ==  *(_t694 + 0x308)) goto 0x68dfafc7;
                                                				E00007FF67FF668DD6A10(_t369,  *((intOrPtr*)(_t694 + 0x1a0)),  *((intOrPtr*)(_t694 + 0x190)));
                                                				if ( *((intOrPtr*)(_t582 + 0x10)) != 0) goto 0x68dfb394;
                                                				if (( *(_t694 + 0x1d4) & 0x000000ff) == 0) goto 0x68dfb394;
                                                				 *(_t694 + 0x1d5) = 1;
                                                				if ( *((long long*)(_t694 + 0x330)) == 0) goto 0x68dfb1e2;
                                                				 *(_t694 + 0x1e8) = 0;
                                                				if ( *((intOrPtr*)(_t694 + 0x50)) == 0) goto 0x68dfb001;
                                                				 *(_t694 + 0x1e8) =  *(_t694 + 0x1e8) | 0x00000001;
                                                				if (( *(_t694 + 0x1d4) & 0x000000ff) == 0) goto 0x68dfb01e;
                                                				 *(_t694 + 0x1e8) =  *(_t694 + 0x1e8) | 0x00000002;
                                                				if (E00007FF67FF668DD31A0( *(_t694 + 0x1c8)) == 0) goto 0x68dfb040;
                                                				 *(_t694 + 0x1e8) =  *(_t694 + 0x1e8) | 0x00000004;
                                                				if (E00007FF67FF668DD2810(_t582,  *(_t694 + 0x1c8)) == 0) goto 0x68dfb062;
                                                				 *(_t694 + 0x1e8) =  *(_t694 + 0x1e8) | 0x00000008;
                                                				LocalAlloc(??, ??);
                                                				 *(_t694 + 0x1d8) = _t582;
                                                				_t384 = LocalAlloc(??, ??);
                                                				 *(_t694 + 0x1e0) = _t582;
                                                				if ( *(_t694 + 0x1d8) == 0) goto 0x68dfb0c5;
                                                				E00007FF67FF668DD6A10(_t384,  *((intOrPtr*)(_t694 + 0x1a0)),  *((intOrPtr*)(_t694 + 0x190)));
                                                				r8w = 0x8000;
                                                				E00007FF67FF668DD6190( *_t582,  *(_t694 + 0x1d8));
                                                				if ( *(_t694 + 0x1e0) == 0) goto 0x68dfb0eb;
                                                				r8d = 0x8000;
                                                				_t388 = E00007FF67FF668DD6A10(E00007FF67FF668DD6250( *_t582,  *((intOrPtr*)(_t694 + 0x1a0)),  *(_t694 + 0x1c8),  *(_t694 + 0x1e0), _t694 + 0x1c0),  *((intOrPtr*)(_t694 + 0x1a0)),  *((intOrPtr*)(_t694 + 0x190)));
                                                				 *(_t694 + 0x298) = _t582;
                                                				_t389 = E00007FF67FF668DD6A10(_t388,  *((intOrPtr*)(_t694 + 0x1a0)),  *((intOrPtr*)(_t694 + 0x190)));
                                                				 *(_t694 + 0x2a0) = _t582;
                                                				E00007FF67FF668DD6A10(_t389,  *((intOrPtr*)(_t694 + 0x1a0)),  *((intOrPtr*)(_t694 + 0x190)));
                                                				 *((long long*)(_t694 + 0x30)) =  *(_t694 + 0x1e0);
                                                				 *(_t694 + 0x28) =  *(_t694 + 0x1d8);
                                                				 *(_t694 + 0x20) =  *(_t694 + 0x1e8);
                                                				r9d =  *((intOrPtr*)( *(_t694 + 0x298) + 0x10));
                                                				r8d =  *( *(_t694 + 0x2a0) + 4);
                                                				if ( *((intOrPtr*)(_t694 + 0x330))() == 0) goto 0x68dfb196;
                                                				 *(_t694 + 0x2a8) = 1;
                                                				goto 0x68dfb1a1;
                                                				 *(_t694 + 0x2a8) = 0;
                                                				 *(_t694 + 0x1d5) =  *(_t694 + 0x2a8) & 0x000000ff;
                                                				if ( *(_t694 + 0x1d8) == 0) goto 0x68dfb1c9;
                                                				LocalFree(??);
                                                				if ( *(_t694 + 0x1e0) == 0) goto 0x68dfb1e2;
                                                				LocalFree(??);
                                                				if (( *(_t694 + 0x1d5) & 0x000000ff) == 0) goto 0x68dfb394;
                                                				_t396 = E00007FF67FF668DD6A10( *(_t694 + 0x1d5) & 0x000000ff,  *((intOrPtr*)(_t694 + 0x1a0)),  *((intOrPtr*)(_t694 + 0x190)));
                                                				 *(_t694 + 0x2b0) = _t582;
                                                				E00007FF67FF668DDF640(_t396, _t694 + 0x58);
                                                				 *((char*)(_t694 + 0x38)) =  *(_t694 + 0x358) & 0x000000ff;
                                                				 *((char*)(_t694 + 0x30)) =  *(_t694 + 0x350) & 0x000000ff;
                                                				 *(_t694 + 0x28) =  *(_t694 + 0x348) & 0x000000ff;
                                                				 *(_t694 + 0x20) = _t694 + 0x1f0;
                                                				r8d =  *( *(_t694 + 0x2b0));
                                                				if ((E00007FF67FF668DFD440(_t582,  *(_t694 + 0x1c8), _t694 + 0x1c0,  *((intOrPtr*)(_t694 + 0x360))) & 0x000000ff) == 0) goto 0x68dfb374;
                                                				if ( *((long long*)(_t694 + 0x330)) == 0) goto 0x68dfb374;
                                                				if ( *(_t694 + 0x94) !=  *((intOrPtr*)(_t694 + 0x168))) goto 0x68dfb330;
                                                				 *((intOrPtr*)(_t694 + 0x168)) =  *((intOrPtr*)(_t694 + 0x168)) + 0x100;
                                                				_t583 = _t582 << 2;
                                                				LocalAlloc(??, ??);
                                                				 *(_t694 + 0x1f8) = _t583;
                                                				if ( *(_t694 + 0x1f8) == 0) goto 0x68dfb307;
                                                				if ( *((long long*)(_t694 + 0x170)) == 0) goto 0x68dfb307;
                                                				_t698 = _t583 << 2;
                                                				0x68ed0c80();
                                                				if ( *((long long*)(_t694 + 0x170)) == 0) goto 0x68dfb320;
                                                				_t406 = LocalFree(??);
                                                				_t585 =  *(_t694 + 0x1f8);
                                                				 *((long long*)(_t694 + 0x170)) = _t585;
                                                				if ( *((long long*)(_t694 + 0x170)) == 0) goto 0x68dfb374;
                                                				_t641 =  *((intOrPtr*)(_t694 + 0x190));
                                                				E00007FF67FF668DD6A10(_t406,  *((intOrPtr*)(_t694 + 0x1a0)), _t641);
                                                				 *((intOrPtr*)( *((intOrPtr*)(_t694 + 0x170)) + _t641 * 4)) =  *_t585;
                                                				 *(_t694 + 0x94) =  *(_t694 + 0x94) + 1;
                                                				if ( *((long long*)(_t694 + 0x1f0)) == 0) goto 0x68dfb394;
                                                				0x68dff6e0();
                                                				_t411 = CloseHandle(??);
                                                				goto 0x68dfb3e4;
                                                				E00007FF67FF668DD6A10(_t411,  *((intOrPtr*)(_t694 + 0x1a0)),  *((intOrPtr*)(_t694 + 0x190)));
                                                				if ( *_t585 == 0) goto 0x68dfb3e4;
                                                				if (GetLastError() == 5) goto 0x68dfb3e4;
                                                				_t414 = E00007FF67FF668DD6AE0( *((intOrPtr*)(_t694 + 0x1a0)),  *((intOrPtr*)(_t694 + 0x190)));
                                                				 *((char*)(_t694 + 0x16c)) = 1;
                                                				goto 0x68dfab5d;
                                                				if ( *((long long*)(_t694 + 0x300)) == 0) goto 0x68dfb459;
                                                				if ( *((long long*)(_t694 + 0x170)) == 0) goto 0x68dfb459;
                                                				E00007FF67FF668DDF640(_t414, _t694 + 0x58);
                                                				 *((long long*)(_t694 + 0x38)) =  *((intOrPtr*)(_t694 + 0x320));
                                                				 *((long long*)(_t694 + 0x30)) =  *((intOrPtr*)(_t694 + 0x318));
                                                				 *(_t694 + 0x28) =  *(_t694 + 0x310);
                                                				 *(_t694 + 0x20) =  *(_t694 + 0x308);
                                                				r8d =  *(_t694 + 0x94);
                                                				E00007FF67FF668DEEBC0(_t585,  *((intOrPtr*)(_t694 + 0x300)),  *((intOrPtr*)(_t694 + 0x170)), _t585);
                                                				if ( *(_t694 + 0x108) != 0) goto 0x68dfb470;
                                                				 *(_t694 + 0x108) = GetTickCount();
                                                				 *(_t694 + 0x200) = 0;
                                                				goto 0x68dfb48e;
                                                				 *(_t694 + 0x200) =  *(_t694 + 0x200) + 1;
                                                				 *((intOrPtr*)(_t694 + 0x26c)) =  *((intOrPtr*)(_t694 + 0x180));
                                                				if ( *(_t694 + 0x200) -  *((intOrPtr*)(_t694 + 0x26c)) >= 0) goto 0x68dfb4ed;
                                                				if ( *((long long*)( *((intOrPtr*)(_t694 + 0x178)) +  *(_t694 + 0x200) * 8)) == 0) goto 0x68dfb4eb;
                                                				r8d =  *(_t694 + 0x108);
                                                				E00007FF67FF668DFE290( *((intOrPtr*)(_t694 + 0x340)),  *((intOrPtr*)( *((intOrPtr*)(_t694 + 0x178)) +  *(_t694 + 0x200) * 8)));
                                                				goto 0x68dfb47d;
                                                				if ( *((long long*)(_t694 + 0x88)) == 0) goto 0x68dfb567;
                                                				 *((long long*)(_t694 + 0x230)) =  *((intOrPtr*)(_t694 + 0x88));
                                                				 *((long long*)(_t694 + 0x228)) =  *((intOrPtr*)(_t694 + 0x230));
                                                				if ( *((long long*)(_t694 + 0x228)) == 0) goto 0x68dfb55b;
                                                				E00007FF67FF668DD6970( *((intOrPtr*)(_t694 + 0x228)));
                                                				if (1 == 0) goto 0x68dfb549;
                                                				0x68e9e5d8();
                                                				 *((long long*)(_t694 + 0x2b8)) =  *((intOrPtr*)(_t694 + 0x228));
                                                				goto 0x68dfb567;
                                                				 *((long long*)(_t694 + 0x2b8)) = 0;
                                                				 *((long long*)(_t694 + 0x88)) =  *((intOrPtr*)(_t694 + 0x190));
                                                				 *((long long*)(_t694 + 0x190)) = 0;
                                                				 *((intOrPtr*)(_t694 + 0x98)) =  *((intOrPtr*)(_t694 + 0x98)) + 1;
                                                				if (( *(_t694 + 0x10c) & 0x000000ff) != 0) goto 0x68dfb5ae;
                                                				if ( *((intOrPtr*)(_t694 + 0x98)) != 5) goto 0x68dfaab3;
                                                				if ( *((long long*)(_t694 + 0x170)) == 0) goto 0x68dfb5c7;
                                                				LocalFree(??);
                                                				_t558 =  *((long long*)(_t694 + 0xe8));
                                                				0x68dfb5d0();
                                                				if (_t558 == 0) goto 0x68dfb5e0;
                                                				LocalFree(??);
                                                				if ( *((long long*)(_t694 + 0x198)) == 0) goto 0x68dfb5f9;
                                                				LocalFree(??);
                                                				if ( *((long long*)(_t694 + 0x110)) == 0) goto 0x68dfb612;
                                                				LocalFree(??);
                                                				if ( *(_t694 + 0x118) == 0) goto 0x68dfb654;
                                                				LocalFree(??);
                                                				LocalFree(??);
                                                				LocalFree(??);
                                                				LocalFree(??);
                                                				if ( *(_t694 + 0x90) == 0) goto 0x68dfb696;
                                                				LocalFree(??);
                                                				LocalFree(??);
                                                				LocalFree(??);
                                                				LocalFree(??);
                                                				 *((long long*)(_t694 + 0x240)) =  *((intOrPtr*)(_t694 + 0x88));
                                                				 *((long long*)(_t694 + 0x238)) =  *((intOrPtr*)(_t694 + 0x240));
                                                				if ( *((long long*)(_t694 + 0x238)) == 0) goto 0x68dfb6f9;
                                                				E00007FF67FF668DD6970( *((intOrPtr*)(_t694 + 0x238)));
                                                				if (1 == 0) goto 0x68dfb6e7;
                                                				0x68e9e5d8();
                                                				 *((long long*)(_t694 + 0x2c0)) =  *((intOrPtr*)(_t694 + 0x238));
                                                				goto 0x68dfb705;
                                                				 *((long long*)(_t694 + 0x2c0)) = 0;
                                                				E00007FF67FF668DFF800(_t694 + 0x178);
                                                				goto 0x68dfb7e9;
                                                				_t445 = E00007FF67FF668DD29D0( *((intOrPtr*)(_t694 + 0x238)),  *((intOrPtr*)(_t694 + 0x2f8)));
                                                				 *(_t694 + 0x210) = _t445;
                                                				0x68dd5470();
                                                				 *(_t694 + 0x204) = _t445;
                                                				if ( *((intOrPtr*)(_t694 + 0x50)) !=  *(_t694 + 0x204)) goto 0x68dfb7e9;
                                                				E00007FF67FF668DDF640( *(_t694 + 0x204), _t694 + 0x58);
                                                				 *((char*)(_t694 + 0x38)) =  *(_t694 + 0x358) & 0x000000ff;
                                                				 *((char*)(_t694 + 0x30)) =  *(_t694 + 0x350) & 0x000000ff;
                                                				 *(_t694 + 0x28) =  *(_t694 + 0x348) & 0x000000ff;
                                                				 *(_t694 + 0x20) = _t694 + 0x208;
                                                				r8d =  *(_t694 + 0x210);
                                                				if ((E00007FF67FF668DFD440( *((intOrPtr*)(_t694 + 0x238)),  *((intOrPtr*)(_t694 + 0x2f8)), _t698,  *((intOrPtr*)(_t694 + 0x360))) & 0x000000ff) == 0) goto 0x68dfb7e9;
                                                				if ( *((long long*)(_t694 + 0x208)) == 0) goto 0x68dfb7e1;
                                                				r8d = GetTickCount();
                                                				if ((E00007FF67FF668DFE290( *((intOrPtr*)(_t694 + 0x340)),  *((intOrPtr*)(_t694 + 0x208))) & 0x000000ff) == 0) goto 0x68dfb7e9;
                                                				 *(_t694 + 0x80) = 1;
                                                				 *((char*)(_t694 + 0x248)) =  *(_t694 + 0x80) & 0x000000ff;
                                                				E00007FF67FF668DDE460(_t694 + 0x58);
                                                			}


                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Local$Free$Alloc$CloseErrorHandleLastOpenProcess
                                                • String ID:
                                                • API String ID: 2528235600-0
                                                • Opcode ID: 76a52c46778d9902f42986141f77489b3ffed2649cefafc0cf63a7af19c8a266
                                                • Instruction ID: c5973ea3835adf0eddfe6661043d141899b1ff361de5d6f42cf5fc82fa25dc9d
                                                • Opcode Fuzzy Hash: 76a52c46778d9902f42986141f77489b3ffed2649cefafc0cf63a7af19c8a266
                                                • Instruction Fuzzy Hash: CD22B33660C6C1CAE6719B25E4907EEB7A0EBC9784F004126DACD8BA99DF3CD448DF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 42%
                                                			E00007FF67FF668DE0020(void* __ecx, void* __edx, long long __rcx, long long __rdx, long long __r8, void* __r9, void* _a8, long long _a16, long long _a24, intOrPtr _a32, signed int _a40) {
                                                				intOrPtr _v24;
                                                				signed int _v28;
                                                				signed int _v32;
                                                				char _v72;
                                                				char _v344;
                                                				char _v360;
                                                				intOrPtr _v376;
                                                				long long _v400;
                                                				void* _v408;
                                                				signed long long _v416;
                                                				char _v456;
                                                				signed int _v472;
                                                				void* _t105;
                                                				void* _t110;
                                                				void* _t111;
                                                				void* _t112;
                                                
                                                				_t188 = __r9;
                                                				_t105 = __ecx;
                                                				_a32 = r9d;
                                                				_a24 = __r8;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				E00007FF67FF668DDE730(_a8 + 0x130, L"<Invalid>");
                                                				if ( *((intOrPtr*)(_a8 + 0xd8)) == 0) goto 0x68de0308;
                                                				E00007FF67FF668DDF460(E00007FF67FF668DDE080(E00007FF67FF668DDF410(_a8 + 0x130),  &_v456),  &_v456);
                                                				r8d = 0x30;
                                                				VirtualQuery(??, ??, ??);
                                                				if (_a8 != 0x30) goto 0x68de0107;
                                                				if (_v376 != 0x1000) goto 0x68de0107;
                                                				if (_v400 == 0) goto 0x68de0107;
                                                				r9d = 0x104;
                                                				if (E00007FF67FF668DDCB10(_a8, _v400,  *_a8,  &_v344) == 0) goto 0x68de0107;
                                                				E00007FF67FF668DDE8C0(_t105, __edx,  &_v456,  &_v344,  &_v344);
                                                				if ((E00007FF67FF668DDF300( &_v456) & 0x000000ff) == 0) goto 0x68de0136;
                                                				E00007FF67FF668DDF490( &_v456, L"sub_%0X",  *_a8, __r9);
                                                				goto 0x68de0176;
                                                				E00007FF67FF668DDF640(E00007FF67FF668DDE360( &_v72,  &_v456),  &_v72);
                                                				E00007FF67FF668DDF490( &_v456, L"public %s", _a8, _t188);
                                                				E00007FF67FF668DDE460( &_v72);
                                                				_v28 =  *((intOrPtr*)(_a8 + 0x160));
                                                				LocalAlloc(??, ??);
                                                				_v416 = _v28 << 2;
                                                				_v360 = 0xffffffff;
                                                				_v32 = 0;
                                                				goto 0x68de01d3;
                                                				_v32 = _v32 + 1;
                                                				_v24 =  *((intOrPtr*)(_a8 + 0x160));
                                                				if (_v32 - _v24 >= 0) goto 0x68de0255;
                                                				E00007FF67FF668DE0340(_a8,  &_v360);
                                                				if (_v360 != 0xffffffff) goto 0x68de0239;
                                                				E00007FF67FF668DDE730(_a8 + 0x130, L"Internal error while composing the disassembling string");
                                                				goto 0x68de02f3;
                                                				 *((intOrPtr*)(_v416 + _v32 * 4)) = _v360;
                                                				goto 0x68de01c2;
                                                				 *((intOrPtr*)(_a8 + 0xbc)) = 0;
                                                				 *((intOrPtr*)(_a8 + 0xc0)) = _a32;
                                                				 *((long long*)(_a8 + 0xc8)) = _a24;
                                                				if ( *((intOrPtr*)(_a8 + 0xc0)) <= 0) goto 0x68de02cd;
                                                				_v472 = _a40 & 0x000000ff;
                                                				r9d = 1;
                                                				E00007FF67FF668DE0690(_v360, _t110, _t111, _t112, _a8,  &_v456, _v416, _t188);
                                                				_v472 = _a40 & 0x000000ff;
                                                				r9d = 0;
                                                				E00007FF67FF668DE0690(_v360, _t110, _t111, _t112, _a8,  &_v456, _v416, _t188);
                                                				LocalFree(??);
                                                				E00007FF67FF668DDE460( &_v456);
                                                				return E00007FF67FF668DDE360(_a16, _a8 + 0x130);
                                                 			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                 • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                 • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                 • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                 • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                 • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                 • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                 • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                 • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                 • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Local$AllocFreeQueryVirtual
                                                • String ID: <Invalid>$Internal error while composing the disassembling string$public %s$sub_%0X
                                                • API String ID: 2627483936-4009540495
                                                • Opcode ID: df26d8efb0c62f39a8e71a390eb8af7c979bcedbb9f7d391f8a5a335a5cb59fe
                                                • Instruction ID: 4fea168b939aad6ef3c633055fee35e512191b226f3950b488f68baccd38f063
                                                • Opcode Fuzzy Hash: df26d8efb0c62f39a8e71a390eb8af7c979bcedbb9f7d391f8a5a335a5cb59fe
                                                • Instruction Fuzzy Hash: B2712A726187C6C5EA60DB25E4843EAA3B0FF84784F404136DA9D8BB9ACF3CD508CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CurrentProcesslstrlen$DuplicateFreeHandleVirtual
                                                • String ID: Section
                                                • API String ID: 1334103914-3805168499
                                                • Opcode ID: 2ae8da1e8ea17dd9cdfd8ed3f51b70f72bd6c27905ad1bc18276c332bcc32333
                                                • Instruction ID: 753aeda9a84ab1318c8c708e305cdbd27c4ba538e78041257933967c03ce7166
                                                • Opcode Fuzzy Hash: 2ae8da1e8ea17dd9cdfd8ed3f51b70f72bd6c27905ad1bc18276c332bcc32333
                                                • Instruction Fuzzy Hash: 8751A47260CAC1C6E7709B75E8483EAA7B0FB88B84F404525DA8D8BB59DF7DD448CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Local$AllocCurrentFree$ErrorLastProcessThreadVersion
                                                • String ID:
                                                • API String ID: 3183500424-0
                                                • Opcode ID: 2ba8b6bbafd655492218274a297a51db14536a4ee82ad6e692107a849596ad29
                                                • Instruction ID: 08ac67faa65fd21cead842442194a91fc160e26a21b4cde767b90752261742b3
                                                • Opcode Fuzzy Hash: 2ba8b6bbafd655492218274a297a51db14536a4ee82ad6e692107a849596ad29
                                                • Instruction Fuzzy Hash: C681E532608A81C6E7608B75E44436AB7B1FBC5794F104535E78E8BAA8DF7DD8888F14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: File$CloseCreateHandleLocal$AllocFreeMappingModuleNameView
                                                • String ID:
                                                • API String ID: 2797480782-0
                                                • Opcode ID: 2299c7ebbf57d1159752a015cdeaa5c9cca875696fb2a82c0b204ad8e1615387
                                                • Instruction ID: fcfe599657f605133b73c330a9b72316a56797dbe64bb0d760c740b25c89a28c
                                                • Opcode Fuzzy Hash: 2299c7ebbf57d1159752a015cdeaa5c9cca875696fb2a82c0b204ad8e1615387
                                                • Instruction Fuzzy Hash: A321F932608A81C2E7608B71F95872EA770FBC4798F104635EA8D8BAA9CF7DC4458B04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: MemoryProcessRead
                                                • String ID: H
                                                • API String ID: 1726664587-2852464175
                                                • Opcode ID: 77968d6addcf3628164648d49fa359c6976293d5a614ca3cc27c137797ac478e
                                                • Instruction ID: edb81fffb5301318b91ee73cb44c8c552785964b50c2c56a4c429c41a9aceeb2
                                                • Opcode Fuzzy Hash: 77968d6addcf3628164648d49fa359c6976293d5a614ca3cc27c137797ac478e
                                                • Instruction Fuzzy Hash: 2441FD32A0CB81C5DA608B76E58476BA3B5FBC5780F500276EACD86A58DF3CE448CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: File$CloseCreateHandleView$MappingSizeUnmap
                                                • String ID:
                                                • API String ID: 1223616889-0
                                                • Opcode ID: 3959e7b2035600d240f498490fd8fd1d577b07ce4a1d90d4780ef4ae7930bba7
                                                • Instruction ID: 3aa16fccace8e58c8df1f026b31f2ca7fb8fed718dc3907f3be8a130a9006e7a
                                                • Opcode Fuzzy Hash: 3959e7b2035600d240f498490fd8fd1d577b07ce4a1d90d4780ef4ae7930bba7
                                                • Instruction Fuzzy Hash: 4131D232508AC1C6E360DB75F45871EB7B0FBC4798F104625EA898BAA9CFBDD4498B04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: ByteCharMultiStringWide
                                                • String ID:
                                                • API String ID: 2829165498-0
                                                • Opcode ID: e9e5e239448062e9fd03542be55c1a2e296970ee23b607eb762b0078c159ad59
                                                • Instruction ID: 153a256724d68cf02757f0f309d00aaf58024c3f22d95be4b44df18f38fa9cdf
                                                • Opcode Fuzzy Hash: e9e5e239448062e9fd03542be55c1a2e296970ee23b607eb762b0078c159ad59
                                                • Instruction Fuzzy Hash: 31816B32A4979587EB608F719440379A6B1FF84BE8F140635EA5D9BBC9EF3CE4058708
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CriticalErrorLastQuerySectionVirtual$EnterLeave
                                                • String ID:
                                                • API String ID: 884135157-0
                                                • Opcode ID: d8edd8fc9f15a89d4ce5fa155f29cd2b491c38c833ad1feefd9e9794face5c40
                                                • Instruction ID: 96a733e97702182a1421a097bb368eed8835a00ca5d1e0a19145b76d5fd61d49
                                                • Opcode Fuzzy Hash: d8edd8fc9f15a89d4ce5fa155f29cd2b491c38c833ad1feefd9e9794face5c40
                                                • Instruction Fuzzy Hash: 9171FC32619B45C5EB608B35E48037A67B0FBC9B84F505136DA8D8BBA4DF3CD584CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: lstrcat$CloseFileHandleView$CurrentMutexObjectProcessReleaseSingleUnmapWaitlstrcpy
                                                • String ID:
                                                • API String ID: 658288151-0
                                                • Opcode ID: c05dad7072a926baa099e07d581f4766ba8faddf770fa1c6c6dd536e8b812cc3
                                                • Instruction ID: 1884aa2e2bfe4cfd301941c9fe0189726036d5f7f3fcb0441598e5a563ea0b2e
                                                • Opcode Fuzzy Hash: c05dad7072a926baa099e07d581f4766ba8faddf770fa1c6c6dd536e8b812cc3
                                                • Instruction Fuzzy Hash: 5F71B722A0CAC6C5E6719B35E4887AA77B4FFD5784F000235D68D8AAA9CF3CD448DB15
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: File$CloseCreateHandleView$MappingUnmap
                                                • String ID:
                                                • API String ID: 3514913828-0
                                                • Opcode ID: 511c5cb842c3c925c1a9856b719b090b3e05f4e4d0f608e3ebf8e2a7e4deb62b
                                                • Instruction ID: a9637bc95c619b052015c941f12096bed107e1b8727e511f0fccef559f6f581a
                                                • Opcode Fuzzy Hash: 511c5cb842c3c925c1a9856b719b090b3e05f4e4d0f608e3ebf8e2a7e4deb62b
                                                • Instruction Fuzzy Hash: AB51A632A08A85C6E750CB6AE44432AB7B0FBC4794F105225EA9D87BA8DF7DD484CF44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: AllocLocal$FreeVirtual$CreateCurrentFileThread
                                                • String ID: @
                                                • API String ID: 2880960719-2766056989
                                                • Opcode ID: 7078e41aecca64cfa5e6f362d2d442e8e8f1e5e81b1233ef67af4a62b97df3cc
                                                • Instruction ID: a537999261001c3ff003df7933af72c81dc434d0b914e1e516674fef0280dbba
                                                • Opcode Fuzzy Hash: 7078e41aecca64cfa5e6f362d2d442e8e8f1e5e81b1233ef67af4a62b97df3cc
                                                • Instruction Fuzzy Hash: A641C676629B84C6D790CF25E08476AB7B1FBC4B84F005026EA8E8BB69DF7CD444CB04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: AllocLocal$lstrlen
                                                • String ID:
                                                • API String ID: 508594189-0
                                                • Opcode ID: 74eafa85a108c6f75cb74a4677c98a954cdd7804a331c2bd96e807c7d096d080
                                                • Instruction ID: 53b5c55dee3bf623a84318b5a01371231dd85c586836cc763e5493d12dfa2e2c
                                                • Opcode Fuzzy Hash: 74eafa85a108c6f75cb74a4677c98a954cdd7804a331c2bd96e807c7d096d080
                                                • Instruction Fuzzy Hash: ACF18476608A45C6DB60CF29E49032AB7B0FBC8B99F104226EA8D87768CF3DD555DB04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CurrentProcesslstrlen$DuplicateFreeHandleVirtual
                                                • String ID:
                                                • API String ID: 1334103914-0
                                                • Opcode ID: 77ee8728d421159598eaad82232b019693a66f143fd72c6ab5d35fb880066ee0
                                                • Instruction ID: afe636160e1d08a87cc4d48ee626afe36a3bccf581d976a2e2ca653c30d213fe
                                                • Opcode Fuzzy Hash: 77ee8728d421159598eaad82232b019693a66f143fd72c6ab5d35fb880066ee0
                                                • Instruction Fuzzy Hash: 8721C37660C681C6E7708B75E8583EEA3B0FBC8B84F804126DA8D87A59DF3CD448CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: ErrorLast$CriticalEnterFreeSectionVirtual
                                                • String ID:
                                                • API String ID: 1835248585-0
                                                • Opcode ID: 272cde46edadcdf6a546fa1980a1ea739a7d95dd6d88e42ab77634b7405f03b6
                                                • Instruction ID: b5caf5b30cbdcbbe28d1e4156ff8d8e9aa6092595333eecd04f6686103bca143
                                                • Opcode Fuzzy Hash: 272cde46edadcdf6a546fa1980a1ea739a7d95dd6d88e42ab77634b7405f03b6
                                                • Instruction Fuzzy Hash: 01F1B47650DBC5C5E7B08B25E0883AAB7B4EB84784F500139DB8D87B99DF7DD4848B18
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CountTick$CloseContextHandleSleepThread
                                                • String ID:
                                                • API String ID: 109937778-0
                                                • Opcode ID: 9718fa60625f86c664490d62526b871ed3d5f0d3745930a75227f1b8a7c8cda2
                                                • Instruction ID: ee21844f9a5cff92e15ff339c598dacdad8165d003065a53e5dc3c7ce470fa2c
                                                • Opcode Fuzzy Hash: 9718fa60625f86c664490d62526b871ed3d5f0d3745930a75227f1b8a7c8cda2
                                                • Instruction Fuzzy Hash: 77212B36A0DA85C6EA709B35E4843A9A371FFD4740F100632C64E8BB98CF3DE4549B19
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 29%
                                                			E00007FF67FF668DD1BF0(void* __edx, long long __rax, long long __rcx, long long _a8) {
                                                				signed char _v16;
                                                				signed char _v20;
                                                				signed int _v24;
                                                				intOrPtr _v32;
                                                				intOrPtr _v40;
                                                				intOrPtr _v48;
                                                				intOrPtr _v56;
                                                				intOrPtr _v64;
                                                				intOrPtr _v72;
                                                				intOrPtr _v80;
                                                				intOrPtr _v88;
                                                				intOrPtr _v96;
                                                				intOrPtr _v104;
                                                				intOrPtr _v112;
                                                				char _v120;
                                                				char _v648;
                                                				long long _v664;
                                                				intOrPtr _v680;
                                                				signed char _t79;
                                                				long long _t92;
                                                				void* _t137;
                                                
                                                				_t92 = __rax;
                                                				_a8 = __rcx;
                                                				if (( *0x68fc5328 & 0x000000ff) != 0) goto 0x68dd1f2d;
                                                				E00007FF67FF668DD17A0(__edx, __rax, _a8, L"kernel32.dll",  &_v648);
                                                				_v664 = _t92;
                                                				if (_v664 == 0) goto 0x68dd1ef3;
                                                				_v24 = 0;
                                                				goto 0x68dd1c53;
                                                				_v24 = _v24 + 1;
                                                				if (_v24 - 0xc >= 0) goto 0x68dd1c7f;
                                                				LocalAlloc(??, ??);
                                                				 *((long long*)(_t137 + 0x250 + _v24 * 8)) = _t92;
                                                				goto 0x68dd1c42;
                                                				r8d = 0x19;
                                                				E00007FF67FF668DDD8D0(0x68f5c988, _v120);
                                                				r8d = 0x19;
                                                				E00007FF67FF668DDD8D0(0x68f5c8e8, _v112);
                                                				r8d = 0x19;
                                                				E00007FF67FF668DDD8D0(0x68f5c978, _v104);
                                                				r8d = 0x19;
                                                				E00007FF67FF668DDD8D0(0x68f5c930, _v96);
                                                				r8d = 0x19;
                                                				E00007FF67FF668DDD8D0(0x68f5c8d8, _v88);
                                                				r8d = 0x19;
                                                				E00007FF67FF668DDD8D0(0x68f5c940, _v80);
                                                				r8d = 0x19;
                                                				E00007FF67FF668DDD8D0(0x68f5c9c0, _v72);
                                                				r8d = 0x19;
                                                				E00007FF67FF668DDD8D0(0x68f5c8f8, _v64);
                                                				r8d = 0x19;
                                                				E00007FF67FF668DDD8D0(0x68f5c910, _v56);
                                                				r8d = 0x19;
                                                				E00007FF67FF668DDD8D0(0x68f5c920, _v48);
                                                				r8d = 0x19;
                                                				E00007FF67FF668DDD8D0(0x68f5c998, _v40);
                                                				r8d = 0x19;
                                                				E00007FF67FF668DDD8D0(0x68f5c8c8, _v32);
                                                				_v680 = 0xc;
                                                				if (E00007FF67FF668DDC4C0(_t92,  &_v648, _v664,  &_v120, 0x68fc52b0) == 0) goto 0x68dd1ea8;
                                                				E00007FF67FF668DD17A0(0x19, _t92, _a8, L"ntdll.dll",  &_v648);
                                                				_v664 = _t92;
                                                				if (_v664 == 0) goto 0x68dd1e9b;
                                                				r8d = 0x19;
                                                				E00007FF67FF668DDD8D0(0x68f5c880, _v120);
                                                				r8d = 0x19;
                                                				E00007FF67FF668DDD8D0(0x68f5c898, _v112);
                                                				r8d = 0x19;
                                                				E00007FF67FF668DDD8D0(0x68f5c868, _v104);
                                                				_v680 = 3;
                                                				if (E00007FF67FF668DDC4C0(0x7ff668fc5310,  &_v648, _v664,  &_v120, 0x68fc52b0) != 0) goto 0x68dd1e99;
                                                				 *0x68fc52b0 = 0;
                                                				goto 0x68dd1ea6;
                                                				 *0x68fc52b0 = 0;
                                                				goto 0x68dd1eb3;
                                                				 *0x68fc52b0 = 0;
                                                				_v20 = 0;
                                                				goto 0x68dd1ed1;
                                                				_v20 = _v20 + 1;
                                                				if (_v20 - 0xc >= 0) goto 0x68dd1ef3;
                                                				LocalFree(??);
                                                				goto 0x68dd1ec0;
                                                				if ( *0x68fc52b0 == 0) goto 0x68dd1f14;
                                                				if ( *0x68fc5310 == 0) goto 0x68dd1f14;
                                                				_v16 = 1;
                                                				goto 0x68dd1f1f;
                                                				_v16 = 0;
                                                				 *0x68fc5328 = _v16 & 0x000000ff;
                                                				_t79 =  *0x68fc5328; // 0x0
                                                				return _t79;
                                                			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: MemoryProcessRead$Local$AllocFree
                                                • String ID: kernel32.dll$ntdll.dll
                                                • API String ID: 717885523-3159745453
                                                • Opcode ID: 998cc24c448d6d7a9d033fd16c886eeed0027b4876a95e5abcfe6c7839b516bb
                                                • Instruction ID: b402f1738790725b4ea0ed7967b10586010349572a688813df8d5bf306897e34
                                                • Opcode Fuzzy Hash: 998cc24c448d6d7a9d033fd16c886eeed0027b4876a95e5abcfe6c7839b516bb
                                                • Instruction Fuzzy Hash: 76812971A1CA86D5EA209B31E8943FAA370FF90784F404232D54D8B6A6CF7DE149CF58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 26%
                                                			E00007FF67FF668DF89AF(signed int __eax, void* __ebx, void* __ecx, void* __edi, void* __esi, void* __esp, signed int* __rax, intOrPtr* __rcx, intOrPtr* __rdi, void* __rbp, void* __r9, long long _a32, void* _a40, intOrPtr _a44, char _a48, int _a56, long long _a64, intOrPtr _a72, char _a88, char _a376, char _a400, signed int _a424, signed int _a428, signed int _a432, void* _a448, intOrPtr _a496, intOrPtr _a696, long long _a1656, signed int _a1664, char _a1672, signed int _a1680, signed int _a1684, char _a1688, char _a1696, signed int _a1704, signed int _a1708, char _a1712, signed int _a1720, long _a1724, long _a1728, void* _a1736, intOrPtr _a1784, signed int _a1984, intOrPtr _a2992, long long _a3000, void* _a3028, void* _a3040, long long _a3064) {
                                                				signed int _t107;
                                                				intOrPtr _t126;
                                                				long _t127;
                                                				long long _t193;
                                                				signed int _t195;
                                                
                                                				_t107 = __eax & 0x000000b0 |  *__rax;
                                                				 *__rcx =  *__rcx + __ebx;
                                                				 *__rax =  *__rax + _t107;
                                                				 *__rdi =  *__rdi + __ecx;
                                                				asm("invalid");
                                                				 *__rax =  *__rax + _t107;
                                                				asm("adc eax, 0x1527b9");
                                                				_a428 = _t107;
                                                				E00007FF67FF668DDBCC0();
                                                				_a432 = _t107;
                                                				if (_a432 == 0) goto 0x68df8a03;
                                                				if (GetTickCount() - _a428 - _a432 >= 0) goto 0x68df8a83;
                                                				_a496 = 0x100001;
                                                				_a3000 = _a376 + _a424 * 8;
                                                				if (GetThreadContext(??, ??) == 0) goto 0x68df8a71;
                                                				if (_a696 -  *((intOrPtr*)(_a56 + 0x10)) <= 0) goto 0x68df8a71;
                                                				if (_a696 -  *((intOrPtr*)(_a56 + 0x10)) + 5 < 0) goto 0x68df8a73;
                                                				goto 0x68df8a83;
                                                				Sleep(??);
                                                				goto 0x68df89df;
                                                				CloseHandle(??);
                                                				goto 0x68df898e;
                                                				E00007FF67FF668DD58C0( &_a376);
                                                				E00007FF67FF668DD5730( &_a400);
                                                				r8d = 6;
                                                				if (E00007FF67FF668DF9C70(_a56 + 0x1e,  *((intOrPtr*)(_a56 + 0x10))) != 0) goto 0x68df8b19;
                                                				memcpy(__edi, __esi, 6);
                                                				_t193 =  *((intOrPtr*)(_a44 + 0x10));
                                                				memcpy(__esi + 0xc, __esi, 6);
                                                				GetCurrentProcess();
                                                				r8d = 6;
                                                				FlushInstructionCache(??, ??, ??);
                                                				if (_a72 == 0) goto 0x68df8d5c;
                                                				E00007FF67FF668DDDB30(0, _t193, 0x68f618b0);
                                                				_a1656 = _t193;
                                                				_t195 = _a1656 + _a1656 + 0xe;
                                                				_a1664 = _t195;
                                                				_a1696 = 0;
                                                				_a1704 = 0;
                                                				_a1708 = 0;
                                                				_a1712 = 0;
                                                				_a1672 = 0;
                                                				_a1680 = 0;
                                                				_a1684 = 0;
                                                				_a1688 = 0;
                                                				if ((E00007FF67FF668DD4CE0(1, __esi + 0xc, __esi, __esp + 0x18, _t195,  &_a1696,  &_a1672) & 0x000000ff) == 0) goto 0x68df8d42;
                                                				_a1720 = 0;
                                                				goto 0x68df8c0c;
                                                				_a1720 = _a1720 + 1;
                                                				_a2992 = _a1680;
                                                				_t126 = _a2992;
                                                				if (_a1720 - _t126 >= 0) goto 0x68df8d42;
                                                				 *_t195 =  *_t195 + _t126;
                                                				_t127 = GetTickCount();
                                                				_a1724 = _t127;
                                                				E00007FF67FF668DDBCC0();
                                                				_a1728 = _t127;
                                                				if (_a1728 == 0) goto 0x68df8c70;
                                                				if (GetTickCount() - _a1724 - _a1728 >= 0) goto 0x68df8d23;
                                                				_a1784 = 0x100001;
                                                				_a3000 = _a1672 + _a1720 * 8;
                                                				if (GetThreadContext(??, ??) == 0) goto 0x68df8d11;
                                                				if (_a1984 ==  *((intOrPtr*)(_a32 + 0x10))) goto 0x68df8d13;
                                                				if (_a1984 - _a1656 < 0) goto 0x68df8cef;
                                                				if (_a1984 - _a1656 + 0xa <= 0) goto 0x68df8d13;
                                                				if ((_a1984 & 0xffff0000) == (_a1664 & 0xffff0000)) goto 0x68df8d13;
                                                				goto 0x68df8d23;
                                                				Sleep(??);
                                                				goto 0x68df8c4c;
                                                				CloseHandle(??);
                                                				goto 0x68df8bfb;
                                                				E00007FF67FF668DD58C0( &_a1672);
                                                				E00007FF67FF668DD5730( &_a1696);
                                                				r8d = _a56;
                                                				VirtualProtect(??, ??, ??, ??);
                                                				if (_a72 == 0) goto 0x68df8d98;
                                                				E00007FF67FF668DF8690(_a32, _a3064,  &_a48, _a64);
                                                				return E00007FF67FF668DF0A60( &_a88);
                                                			}









                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CloseContextCountHandleSleepThreadTick
                                                • String ID:
                                                • API String ID: 45847640-0
                                                • Opcode ID: bb295f9b9d7d93b3ab35d885043c7da7387ed547e0c5bd6d01c7d2637d89d4e4
                                                • Instruction ID: 6959975b502f26b61577b106edeaa9adde55a31ab809865018126685c61e2beb
                                                • Opcode Fuzzy Hash: bb295f9b9d7d93b3ab35d885043c7da7387ed547e0c5bd6d01c7d2637d89d4e4
                                                • Instruction Fuzzy Hash: 7521EA32A4DBC5C6E7618B36E0842AE77B0EBD4B44F140536CA8E877A5CF3CD4459B16
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CloseFileHandleView$Unmap
                                                • String ID:
                                                • API String ID: 1018311036-0
                                                • Opcode ID: 4c7f45d36708ee3553738f09a00311d785f08d26b38b6e6e1b066e11d3094809
                                                • Instruction ID: 1a8534cc3c3e4a3d7316786a56963e725695f7504fd8c0ca5834deb60c36de38
                                                • Opcode Fuzzy Hash: 4c7f45d36708ee3553738f09a00311d785f08d26b38b6e6e1b066e11d3094809
                                                • Instruction Fuzzy Hash: E611C332618B89C1E7509F65E48432EB7B0FBC0B94F405121EA8E8BB65CF7CD888CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00007FF67FF668E9ECBC(long long __rbx, long long _a32) {
                                                
                                                				_a32 = __rbx;
                                                			}




                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                • String ID:
                                                • API String ID: 2933794660-0
                                                • Opcode ID: 77af2ee4facdfc8b74acc23840eb45991fbd9a2df6892ac059ff0ac9f6ad0322
                                                • Instruction ID: 0cdc900d6fa49a45460d9fb04977b41585769d2c1b54b7d797c796a365ada508
                                                • Opcode Fuzzy Hash: 77af2ee4facdfc8b74acc23840eb45991fbd9a2df6892ac059ff0ac9f6ad0322
                                                • Instruction Fuzzy Hash: 0D110A32A04B41CAEB109F71E8542B833B4FF597A8F041A31EA5D8B799DF7CD1948344
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CriticalSection$EnterEventLeaveObjectSingleWait
                                                • String ID:
                                                • API String ID: 4060455350-0
                                                • Opcode ID: 0e4ff42b7b49c3680ffb6f9d93574a404551065e93a2882892b17a3a309b5670
                                                • Instruction ID: 7f69edc29ddf7cf9a1a02a647c28853485b2623d855622dba8ce27112cb58c42
                                                • Opcode Fuzzy Hash: 0e4ff42b7b49c3680ffb6f9d93574a404551065e93a2882892b17a3a309b5670
                                                • Instruction Fuzzy Hash: 2901CC3190C682C6E7209B36E94412E77B0FF99749F900175D58D8B766CF3CEA45DB18
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 56%
                                                			E00007FF67FF668E11F10(void* __esi, void* __rcx, signed char* __rdx, long long __rdi, intOrPtr* __r8, intOrPtr* __r9, void* __r11) {
                                                				void* __r15;
                                                				signed int _t37;
                                                				signed int _t39;
                                                				signed int _t40;
                                                				char _t42;
                                                				intOrPtr _t44;
                                                				signed int _t48;
                                                				signed int _t58;
                                                				signed long long _t70;
                                                				signed char* _t72;
                                                				signed char* _t75;
                                                				intOrPtr* _t76;
                                                				signed char* _t82;
                                                				void* _t85;
                                                				void* _t95;
                                                				void* _t98;
                                                				intOrPtr* _t99;
                                                				intOrPtr* _t103;
                                                				signed long long _t105;
                                                				intOrPtr* _t113;
                                                				intOrPtr* _t114;
                                                				long long _t115;
                                                
                                                				_t70 =  *0x68faa518; // 0x6f377a770bdc
                                                				 *(_t105 + 0x460) = _t70 ^ _t105;
                                                				_t115 =  *((intOrPtr*)(_t105 + 0x4d0));
                                                				_t103 = __r9;
                                                				_t113 =  *((intOrPtr*)(_t105 + 0x4d8));
                                                				_t114 = __r8;
                                                				_t75 = __rdx;
                                                				_t104 = __rcx;
                                                				if (__rdx != 0) goto 0x68e11f5c;
                                                				goto 0x68e120a2;
                                                				 *((long long*)(_t105 + 0x470)) = __rdi;
                                                				_t37 =  *__rdx & 0x000000ff;
                                                				 *(_t105 + 0x60 - __rdx + __rdx) = _t37;
                                                				_t58 = _t37;
                                                				if (_t58 != 0) goto 0x68e11f70;
                                                				E00007FF67FF668E00FF0(_t37, _t105 + 0x60);
                                                				_t72 = _t75;
                                                				_t48 = _t72[_t105 + 0x60 - _t75] & 0x000000ff;
                                                				if (_t58 != 0) goto 0x68e11fa6;
                                                				if (_t48 != 0) goto 0x68e11f93;
                                                				if (( *_t72 & 0x000000ff) - _t48 != 0) goto 0x68e12030;
                                                				_t12 = _t104 + 0x410; // 0x412
                                                				_t82 = _t12;
                                                				_t95 = _t105 + 0x60 - _t82;
                                                				_t39 =  *_t82 & 0x000000ff;
                                                				 *(_t95 + _t82) = _t39;
                                                				if (_t39 != 0) goto 0x68e11fc0;
                                                				_t85 = _t105 + 0x60 - 1;
                                                				if ( *((char*)(_t85 + 1)) != 0) goto 0x68e11fd6;
                                                				asm("o16 nop [eax+eax]");
                                                				_t40 = _t75[_t95] & 0x000000ff;
                                                				 *(_t85 + 1 + _t95) = _t40;
                                                				if (_t40 != 0) goto 0x68e11ff0;
                                                				E00007FF67FF668E00FA0(_t40, _t75);
                                                				if ( &(_t72[1]) != 0) goto 0x68e12030;
                                                				_t98 = _t105 + 0x60 - 1;
                                                				_t99 = _t98 + 1;
                                                				if ( *((char*)(_t98 + 1)) != 0) goto 0x68e12014;
                                                				_t42 = ".lcd"; // 0x64636c2e
                                                				 *_t99 = _t42;
                                                				 *((char*)(_t99 + 4)) =  *0x68f4e704 & 0x000000ff;
                                                				 *((long long*)(_t105 + 0x30)) = _t113;
                                                				 *_t115 = __rdi;
                                                				 *((long long*)(_t105 + 0x28)) = _t115;
                                                				 *_t113 = 0;
                                                				 *((long long*)(_t105 + 0x20)) = _t105 + 0x40;
                                                				_t44 = E00007FF67FF668E11180(0, __esi, __rcx, _t105 + 0x60, __rdi, __r8, __r9, __r11, _t115);
                                                				if (_t44 != 1) goto 0x68e12095;
                                                				_t76 =  *_t114;
                                                				if ( *_t103 <= 0) goto 0x68e1208e;
                                                				0x68e99a31();
                                                				 *_t76 = _t44;
                                                				0x68e99a31();
                                                				 *((intOrPtr*)(_t76 + 4)) = _t44;
                                                				if (1 -  *_t103 < 0) goto 0x68e12070;
                                                				goto 0x68e1209a;
                                                				return E00007FF67FF668E9D970(2,  *((intOrPtr*)(_t76 + 4)),  *(_t105 + 0x460) ^ _t105);
                                                			}


























                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: htonl
                                                • String ID: .lcd
                                                • API String ID: 2009864989-611035248
                                                • Opcode ID: d2cfb138443e79d6c7008d5357f52a24bce9252dc91767551e6012dc186c3a05
                                                • Instruction ID: 50933bc8f8a698bdf78d04e2b067bdc1abc69e9515f2a13ed2b517a7f2623bcf
                                                • Opcode Fuzzy Hash: d2cfb138443e79d6c7008d5357f52a24bce9252dc91767551e6012dc186c3a05
                                                • Instruction Fuzzy Hash: 9F5159B261C785C5DB11CF35A4002B9B7A1FFAAB84F488132EA898B285DF3CE545C704
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 29%
                                                			E00007FF67FF668F33BE0(signed int __edx, void* __edi, void* __rax, signed long long __rbx, intOrPtr* __rcx, long long __rbp, signed short* __r8, void* __r10, void* __r11, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
                                                				intOrPtr _v0;
                                                				signed long long _v8;
                                                				signed int _t41;
                                                				signed long long _t62;
                                                				short* _t67;
                                                				signed int* _t68;
                                                				void* _t91;
                                                				void* _t102;
                                                				void* _t103;
                                                
                                                				_a8 = __rbx;
                                                				_a24 = __rbp;
                                                				E00007FF67FF668E9DD50(0x1470, __rax, __r10, __r11);
                                                				_t62 =  *0x68faa518; // 0x6f377a770bdc
                                                				_a5176 = _t62 ^ _t91 - __rax;
                                                				r14d = r9d;
                                                				r10d = r10d & 0x0000003f;
                                                				_t103 = _t102 + __r8;
                                                				 *((long long*)(__rcx)) =  *((intOrPtr*)(0x68fc7330 + (__edx >> 6) * 8));
                                                				 *((intOrPtr*)(__rcx + 8)) = 0;
                                                				if (__r8 - _t103 >= 0) goto 0x68f33d21;
                                                				_t67 =  &_a40;
                                                				if (__r8 - _t103 >= 0) goto 0x68f33c8a;
                                                				_t41 =  *__r8 & 0x0000ffff;
                                                				if (_t41 != 0xa) goto 0x68f33c76;
                                                				 *_t67 = 0xd;
                                                				_t68 = _t67 + 2;
                                                				 *_t68 = _t41;
                                                				if ( &(_t68[0]) -  &_a1744 < 0) goto 0x68f33c58;
                                                				_a16 = _a16 & 0x00000000;
                                                				_a8 = _a8 & 0x00000000;
                                                				_v0 = 0xd55;
                                                				_v8 =  &_a1752;
                                                				r9d = 0;
                                                				E00007FF67FF668F2E7C8();
                                                				if (0 == 0) goto 0x68f33d19;
                                                				if (0 == 0) goto 0x68f33d09;
                                                				_v8 = _v8 & 0x00000000;
                                                				r8d = 0;
                                                				r8d = r8d;
                                                				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x68f33d19;
                                                				if (0 + _a24 < 0) goto 0x68f33cd6;
                                                				 *((intOrPtr*)(__rcx + 4)) = __edi - r15d;
                                                				goto 0x68f33c4d;
                                                				 *((intOrPtr*)(__rcx)) = GetLastError();
                                                				return E00007FF67FF668E9D970(_t39, 0, _a5176 ^ _t91 - __rax);
                                                			}













                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: ErrorFileLastWrite
                                                • String ID: U
                                                • API String ID: 442123175-4171548499
                                                • Opcode ID: 5181fe9c76dc07c8090f7fa04b2dafe8ddda54c55065a05983861e02f3945e8b
                                                • Instruction ID: 0fe162c6e12f088f15a408c19889705fb3dcebfe3475df1b531fc6f0b386c032
                                                • Opcode Fuzzy Hash: 5181fe9c76dc07c8090f7fa04b2dafe8ddda54c55065a05983861e02f3945e8b
                                                • Instruction Fuzzy Hash: 1C418D72A18A85C6EB20DB35E4443AA67A0FB887D4F904031EA4ECB798DF7CD941C784
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • VirtualProtect.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF668DFF9FE), ref: 00007FF668DFFD53
                                                • VirtualFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF668DFF9FE), ref: 00007FF668DFFDA7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: Virtual$FreeProtect
                                                • String ID: (
                                                • API String ID: 2581862158-3887548279
                                                • Opcode ID: 244e426cc79385bdc3ffd5eac976e40456a9445cdf21a815c0edf1cada952a33
                                                • Instruction ID: 96d705bcf33d2e40441b204ef7e14216bfe6c61316355c5af4667542d499bd38
                                                • Opcode Fuzzy Hash: 244e426cc79385bdc3ffd5eac976e40456a9445cdf21a815c0edf1cada952a33
                                                • Instruction Fuzzy Hash: 5941B476619B44CACB90CF5AE49021EB7B0F7C8B90F015026EE8E97B68DFB8C445CB04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 37%
                                                			E00007FF67FF668DD8A66(intOrPtr _a60, signed int _a80, void* _a152, void* _a160, void* _a168, void* _a176, long long _a184, intOrPtr _a208) {
                                                				void* _t92;
                                                				void* _t95;
                                                				void* _t96;
                                                
                                                				_a80 = _a80 - 1;
                                                				if (_a80 < 0) goto 0x68dd8baf;
                                                				if (_a80 > 0) goto 0x68dd8a8e;
                                                				if (_a60 - 1 <= 0) goto 0x68dd8baa;
                                                				_a152 =  *((intOrPtr*)(_a208 + 0x80));
                                                				if ( *((long long*)( *((intOrPtr*)( *_a152 + _a80 * 8)) + 0x18)) != 0) goto 0x68dd8baa;
                                                				_a160 =  *((intOrPtr*)(_a208 + 0x80));
                                                				_a168 =  *_a160 + _a80 * 8;
                                                				if (GetTickCount() -  *((intOrPtr*)( *_a168 + 0x20)) - 0x64 <= 0) goto 0x68dd8baa;
                                                				E00007FF67FF668DD7FE0(GetTickCount() -  *((intOrPtr*)( *_a168 + 0x20)), L"Dispatch thread: Removing idle thread from worker pool\n", _t92, _t95, _t96);
                                                				_a176 =  *((intOrPtr*)(_a208 + 0x80));
                                                				 *((intOrPtr*)( *((intOrPtr*)( *_a176 + _a80 * 8)) + 0x24)) = 1;
                                                				_a184 =  *((intOrPtr*)(_a208 + 0x80));
                                                				SetEvent(??);
                                                				_a60 = _a60 - 1;
                                                				E00007FF67FF668DDB7E0(_a80,  *((intOrPtr*)(_a208 + 0x80)));
                                                				goto E00007FF67FF668DD8A66;
                                                				goto 0x68dd875d;
                                                				return 0;
                                                			}







                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: CountEventObjectSingleTickWait
                                                • String ID: Dispatch thread: Removing idle thread from worker pool
                                                • API String ID: 3443438707-3158692423
                                                • Opcode ID: 41be7355ebdc905bceea3064fb23f8db78a0d746a99581492f07a1226178dbf6
                                                • Instruction ID: 61cae0d39374251ead02dcc513fed8987903803a0c8fe20dc8cb57b461729923
                                                • Opcode Fuzzy Hash: 41be7355ebdc905bceea3064fb23f8db78a0d746a99581492f07a1226178dbf6
                                                • Instruction Fuzzy Hash: A131B836608B89C9DB60CB69E48436EB770FBC8B44F115526DE8D87B68CF79D048CB10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 39%
                                                			E00007FF67FF668DEEBC0(signed long long __rax, long long __rcx, long long __rdx, long long __r9, long long _a8, long long _a16, intOrPtr _a24, long long _a32, signed int _a40, intOrPtr _a48, long long _a56, long long _a64) {
                                                				signed int _v20;
                                                				signed int _v24;
                                                				signed int _v28;
                                                				long _v32;
                                                				signed int* _v40;
                                                				void* _v48;
                                                				signed int _v56;
                                                				signed int _v60;
                                                				intOrPtr _v64;
                                                				signed int* _v72;
                                                				intOrPtr _v88;
                                                				signed int _t111;
                                                				signed long long _t149;
                                                				signed long long _t153;
                                                				signed long long _t154;
                                                				signed int* _t158;
                                                				signed int* _t159;
                                                				long long _t173;
                                                
                                                				_t149 = __rax;
                                                				_a32 = __r9;
                                                				_a24 = r8d;
                                                				_a16 = __rdx;
                                                				_a8 = __rcx;
                                                				if (_a56 == 0) goto 0x68deebf6;
                                                				_v24 = E00007FF67FF668F19C38(__rax, _a56, __r9);
                                                				goto 0x68deebfe;
                                                				_v24 = 0;
                                                				_v60 = _v24;
                                                				if (_a64 == 0) goto 0x68deec24;
                                                				_t173 = _a64;
                                                				_v20 = E00007FF67FF668F19C38(_t149, _t173, __r9);
                                                				goto 0x68deec2c;
                                                				_v20 = 0;
                                                				_v56 = _v20;
                                                				_v64 = _a24;
                                                				LocalAlloc(??, ??);
                                                				_v48 = _t173 + 0x2b6 + _t149 * 4 + _t173 + 4;
                                                				if (_v48 == 0) goto 0x68deee7e;
                                                				_v28 = 0;
                                                				 *_v48 = _v64;
                                                				_t153 = _v48;
                                                				 *((intOrPtr*)(_t153 + 0x18)) = _a24;
                                                				_t154 = _t153 << 2;
                                                				0x68ed0c80();
                                                				_t41 = _t154 * 4; // 0x1c
                                                				_v72 = _v48 + _t41 + 0x1c;
                                                				 *_v72 = _v60 << 1;
                                                				_v72[0xb] = _a40;
                                                				_t158 = _v72;
                                                				 *((intOrPtr*)(_t158 + 0x30)) = _a48;
                                                				E00007FF67FF668DDBCC0();
                                                				if (_t158 != 0) goto 0x68deed3c;
                                                				_t159 = _v72;
                                                				_v72[0xc] =  *(_t159 + 0x30) | 0x10000000;
                                                				E00007FF67FF668DDBCC0();
                                                				if (_t159 == 0) goto 0x68deed60;
                                                				_t111 = _v72[0xc] | 0x20000000;
                                                				_v72[0xc] = _t111;
                                                				E00007FF67FF668DDBCC0();
                                                				_v72[0xd] = _t111 + 0x10000;
                                                				E00007FF67FF668F1A118( &(_v72[0x22]), _a32);
                                                				_v72[0xa4] = _v60;
                                                				_v72[0xa5] = _v56;
                                                				_v40 =  &(_v72[0xa6]);
                                                				if (_a56 == 0) goto 0x68deeddf;
                                                				E00007FF67FF668F1A118(_v40, _a56);
                                                				goto 0x68deede9;
                                                				 *_v40 = 0;
                                                				_v40 = _v72 +  &(_v72[0xa6]);
                                                				if (_a64 == 0) goto 0x68deee29;
                                                				E00007FF67FF668F1A118(_v40, _a64);
                                                				goto 0x68deee33;
                                                				 *_v40 = 0;
                                                				_v88 = 0;
                                                				r9d = 0;
                                                				_v28 = E00007FF67FF668DED7D0(0x22e018, _v40, _a8, _v48, __r9);
                                                				_v32 = GetLastError();
                                                				LocalFree(??);
                                                				SetLastError(??);
                                                				goto 0x68deee80;
                                                				return 0;
                                                			}






















                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000D.00000002.3721276167.00007FF668DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF668DD0000, based on PE: true
                                                • Associated: 0000000D.00000002.3721240026.00007FF668DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723165095.00007FF668F4B000.00000002.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723582019.00007FF668F99000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723611563.00007FF668F9A000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723659863.00007FF668FA2000.00000008.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FAA000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FBC000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723730796.00007FF668FC5000.00000004.00000001.01000000.0000000A.sdmp
                                                • Associated: 0000000D.00000002.3723850988.00007FF668FC8000.00000002.00000001.01000000.0000000A.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_13_2_7ff668dd0000_FileOpenBroker64.jbxd
                                                Similarity
                                                • API ID: ErrorLastLocal$AllocFree
                                                • String ID:
                                                • API String ID: 1353762364-0
                                                • Opcode ID: 155372afdabd6726051a2013cb0283edf9a33c57e4916a9d9a3ca47a15569d45
                                                • Instruction ID: 25398b05b7e20be3450cda3e93e73d3ed399c3dca65b29d7957b769802c6ee14
                                                • Opcode Fuzzy Hash: 155372afdabd6726051a2013cb0283edf9a33c57e4916a9d9a3ca47a15569d45
                                                • Instruction Fuzzy Hash: 5881F576618785CAD764DB29E09476EB7B0FBC8784F005129EA8E87BA9CF3CD405CB04
                                                Uniqueness

                                                Uniqueness Score: -1.00%